The Shared Responsibility Model

1 min read Advanced Security Topics

The Shared Responsibility Model

Understanding responsibility boundaries is crucial for effective cloud incident response:

Infrastructure as a Service (IaaS):

  • Provider Responsibility: Physical security, hypervisor, network infrastructure
  • Customer Responsibility: Operating systems, applications, data, identity management

Platform as a Service (PaaS):

  • Provider Responsibility: Everything below plus runtime, middleware, OS
  • Customer Responsibility: Applications, data, user access

Software as a Service (SaaS):

  • Provider Responsibility: Entire stack except data and user access
  • Customer Responsibility: Data classification, user permissions, access management