Course: Microsoft Security Essentials: Concepts, Solutions, and AI-Powered Protection

Shared responsibility model

- [Instructor] The shared responsibility model is an important concept in cloud computing and security. In the past, organizations ran all their systems and applications on premises, so they were 100% responsible for everything. However, with the wide adoption of the cloud, many corporate workloads have moved to the cloud, like Microsoft Azure. Now, the question is, who is responsible for doing which security tasks? For example, when it comes to installing a security patch for an operating system like Windows or Linux, is this the responsibility of the customer or the cloud provider? The answer is, it depends. It depends on the type of cloud service the organization is using.

There are three common cloud service types. IaaS, Infrastructure as a Service. It requires the customer to manage most workloads, except for the physical components in the cloud, like computers, networks, and data centers. For example, you created a virtual machine in Azure. That's Infrastructure as a Service. PaaS, Platform as a Service. In this model, the customer focuses on applications, while the cloud provider manages the underlying operating systems and infrastructure. For example, Azure App Service is a managed platform for developing web applications. And SaaS, Software as a Service. This model requires the least management from the customer. For example, Microsoft 365 is a SaaS product. The customer subscribes to its services and uses apps like Word, Excel, and Teams. They don't need to worry about software development, the operating system, and underlying infrastructure.

Here's a diagram from Microsoft that illustrates the shared responsibility model across different cloud service types. As you can see, for on-premises hosting, the customer is responsible for everything, while moving from IaaS to PaaS and then to SaaS, the customer's responsibilities decrease, while the cloud provider, like Microsoft, handles more of the tasks.

The key difference between PaaS and IaaS is who manages the operating system. If the cloud provider handles it, then it's PaaS. If the customer does it, then it's IaaS. The distinction between SaaS and PaaS is who manages applications. If the cloud provider handles it, then it's SaaS. If the customer does it, then it's PaaS. Also, remember, regardless of the cloud service type, some responsibilities always stay with the customer, including information and data, endpoint devices like laptops and mobile phones, and accounts and identities used to access resources.
