SaaS, Server, AND Endpoint backup!? Take advantage of bundled pricing from now until December 31st. Get A Quote

Glossary Terms

What is the shared responsibility model?

What is the shared responsibility model?

The shared responsibility model is the foundation of secure public cloud environments. It establishes a clear line between what you (the customer) and the Cloud Service Provider (CSP) are each responsible for. Your cloud provider ensures the infrastructure runs smoothly—they handle things like servers, storage, and the physical security of their data centers. But, once you begin using their services, it’s your responsibility to manage the data you input, to configure security settings, and to monitor user access.

For example: Imagine you’re renting a car. You’re responsible for filling it with gas, driving safely, and returning it on time. But the rental company handles maintenance, insurance, and making sure the car is roadworthy. Essentially, that’s the shared responsibility model. It’s a clear agreement about who cares for what – in this case, you and the car rental company. 

Why are shared responsibility models important?

Picture running an on-premises data center. You’d be responsible for everything—maintaining the physical servers, patching vulnerabilities, securing your data, and keeping hackers at bay. It’s all on you, and there’s no backup squad to share the load. But when you start leveraging cloud services like Microsoft Azure, Google Cloud, or AWS, suddenly some of those responsibilities aren’t yours anymore. They belong to the cloud service provider. 

The shared responsibility model acts as a chore chart for security. It clearly outlines what the cloud provider manages (like infrastructure security) and what’s still your job (like data and access controls). This clarity guards against task neglect and ensures a secure, well-managed environment.

What are the types of shared responsibility models?

The CSP consistently handles securing their physical infrastructure, like hosts, data centers, and networks. The rest depends on the type of service you choose. But why does it matter? Understanding these models can help you secure your data and prevent gaps.

  • Software as a Service (SaaS)
    The CSP takes charge of securing operating systems, network controls, applications, and data created in the service. You handle identity and directory management. Again, going back to the rental car analogy – it’s like renting a fully serviced car—your belongings are your responsibility, but they maintain everything else.
  • Platform as a Service (PaaS)
    The CSP secures the operating system here, but you manage network controls, apps, and identity infrastructure. It’s like renting an apartment: management fixes major systems, but you secure the inside.
  • Infrastructure as a Service (IaaS)
    You take on almost all responsibilities, including operating systems, apps, and network security, while the CSP only handles physical infrastructure. It’s like building on rented land—you manage everything inside. 

How is the shared responsibility model applied in practice?

Moving to the cloud means your cloud provider handles everything, but security works differently. The shared responsibility model means you and your cloud service provider (CSP) share the workload—each of you manages what’s directly under your control.

What you handle

If the data is yours, you secure it. Whether you use SaaS, PaaS, or IaaS, your CSP can’t manage or monitor your data. Things you are responsible for handling:

  • Limit access, and follow compliance rules to keep it safe.
  • You manage access and secure logins with the right tools.
  • You protect connected devices from ransomware and other threats.
  • You configure APIs, storage, and systems properly to prevent breaches.
  • You write and deploy apps using secure practices.

What does the cloud service provider (CSP) manage?

Your CSP focuses on securing the infrastructure and systems they own. They handle:

  • Securing data centers, hardware, and facilities to protect the physical infrastructure.
  • Managing systems that make cloud functionality possible.
  • Providing tools like firewalls and network defenses to enhance security.
  • Securely deploy and configure cloud infrastructure for SaaS applications.
  • Implementing authentication methods (e.g., MFA) and managing permissions.
  • Protecting the software and its underlying code.

What are the benefits of the shared responsibility model?

Adopting a shared responsibility model for cloud security makes your life easier and your business safer and more resilient.

  • Lower costs

You save money by letting your cloud provider handle some security tasks, reducing the need for extra tools or staff. 

  • Clear accountability 

Using the shared responsibility model clearly spells out who does what, reducing confusion during incidents.

  • Scalability

Security strategies for your model can be adjusted as your business grows. 

  • Reduced operational burden

By letting your CSP shoulder more of the security workload, your crew can shift their focus to other big-ticket priorities.

We’ve got your back(up)

Find the perfect data backup and recovery solution with our plan comparison. Kick-start your journey with a free trial.

Get Started
Related Glossaries
View all
What is shadow data?
August 22, 2024
Read more
What is deduplication?
August 2, 2024
Read more
What is BaaS (backup as a service)?
August 2, 2024
Read more
What is cloud encryption?
July 1, 2024
Read more

CrashPlan® provides peace of mind through secure, scalable, and straightforward endpoint data backup. We help organizations recover from any worst-case scenario, whether it is a disaster, simple human error, a stolen laptop, ransomware or an as-of-yet undiscovered calamity.

© 2024 CrashPlan® All rights reserved.