Shared Responsibility Model

Cloud security is a shared responsibility of both cloud providers and customers.
Azure has many security certifications from outside auditors.
Physical security
- Handled by Microsoft
- Walls, cameras, gates, security personnel
- Strict procedures for employees
Digital security
- Handled by customer + Microsoft
- Azure has tools to mitigate security threats, consumer is responsible to use the tools.
- E.g. role-based access control, multi factor authentication, encryption, monitoring tools such as login failures, suspicious locations, DDoS protection, real-time telemetry & firewalls.
❗ You always retain responsibility for: Data, Endpoints, Accounts, Access management (identities)

Cloud computing levels

Responsibility	On-prem	IaaS	PaaS	SaaS
Data governance & rights management	Customer	Customer	Customer	Customer
Client endpoints	Customer	Customer	Customer	Customer
Account & access management	Customer	Customer	Customer	Customer
Identity & directory infrastructure	Customer	Customer	Cloud provider + Customer	Cloud provider + Customer
Application	Customer	Customer	Cloud provider + Customer	Cloud provider
Network controls	Customer	Customer	Cloud provider + Customer	Cloud provider
Operating system	Customer	Customer	Cloud provider	Cloud provider
Physical host	Customer	Cloud provider	Cloud provider	Cloud provider
Physical network	Customer	Cloud provider	Cloud provider	Cloud provider
Physical datacenter	Customer	Cloud provider	Cloud provider	Cloud provider