Updated: May 31, 2023 (March 6, 2023)

  Charts & Illustrations

The Shared Responsibility Model

My Atlas / Charts & Illustrations

260 wordsTime to read: 2 min
Barry Briggs by
Barry Briggs

Before joining Directions on Microsoft in 2020, Barry worked at Microsoft for 12 years in a variety of roles, including... more

Many organizations labor under the mistaken assumption that cloud providers assume all the responsibility of security and regulatory compliance for their customers. This is not correct; organizations should understand how cloud providers divide responsibilities between themselves and customers.

In short, cloud service providers, including Microsoft, have adopted a policy, called the Shared Responsibility Model, which states responsibilities and accountabilities for security and compliance are shared between provider and customer.

The extent to which each (provider and customer) has compliance responsibilities depends on which maintains the indicated service, and where that service runs. As the illustration shows, customers are responsible for all on-premises assets.

However, because Microsoft maintains and supports cloud datacenters, it is responsible for the security and compliance of the physical datacenter, network, and infrastructure components, such as servers.

In general, in the cloud customers maintain responsibility for the cloud data and applications or services that they maintain; however, the level to which they are responsible can vary depending on what type of services they use. For example, because Microsoft maintains SaaS services such as Microsoft 365 and Dynamics 365, it retains responsibility for all the components of those services (OS, database, application code): but customers are responsible for the data that they store in them. Thus if an organization stores personally identifiable information (PII) in an insecure manner in Dynamics 365, the organization is accountable, not Microsoft.

Atlas Members have full access

Get access to this and thousands of other unbiased analyses, roadmaps, decision kits, infographics, reference guides, and more, all included with membership. Comprehensive access to the most in-depth and unbiased expertise for Microsoft enterprise decision-making is waiting.

Membership Options

Already have an account? Login Now