
The 6 things you are responsible for in the cloud

Understanding the cloud models and the shared responsibility with the service provider

Photo by Cytonn Photography on Unsplash

In this second article of the Data in the cloud series, we’re going to explore one interesting concept that has emerged in the cloud: the shared responsibility model. When thinking about moving to the cloud, you should first understand the different cloud options and how they will affect your organization. Depending on the deployment model you choose, you will have a higher or lower responsibility.

If you missed the first post in the Data in the cloud series, I recommend that you first read the article How the cloud will help (or not) your business, since we’re going to use several concepts explained there.

Understanding the different deployment models

Now, we’re ready to start. First of all, you’ll have to understand the different cloud models, because your degree of responsibility changes depending on the model. The different deployment models are the following:

  • ☁️ Public cloud: when you use a public cloud, you’re using computing resources on a subscription basis. These resources can be hardware, like storage or CPU, or software, like databases or application servers. When talking about the cloud, we are usually referring to public clouds.
  • 🔐 Private cloud: as the name suggests, the private cloud is owned and managed by your company. This type of cloud goes against the principles we’ve seen in the first article of the series because it has high up-front costs (CapEx). Nevertheless, private models are better able to address the security and privacy concerns of organizations today.
  • 🧬 Hybrid cloud: this is like a private cloud with superpowers. It is a mix of the two deployment models explained above. Many firms use this deployment model to quickly scale up their private resources with the power of the public cloud.
  • 👥 Community cloud: this model is less known since it is not very common. It’s used when the same resources are shared by several organizations that belong to a community. Universities and governments are use cases of this deployment model.

And now, let’s explore the service models

Okay, we have several types of service models, but what kind of services can we find in them?

  • 🏗 Infrastructure as a Service (IaaS): in this service model, you’re acquiring computing resources through the Internet, like compute, storage, or network. As we mentioned in the first post of the series, based on the pay-as-you-go pricing model, you’ll be billed depending on the amount of capacity demanded and the time you use it.
  • 🏭 Platform as a Service (PaaS): here you’ll have access to several resources where you can build and deliver your applications to the end-users without managing the underlying infrastructure. The main drawback of this service model is that it has higher costs compared with the other two options.
  • 🏠 Software as a Service (SaaS): this is the highest level of abstraction. In SaaS, you’ll access end-user solutions. When talking about the cloud, we’re often referring to SaaS, because of the type of services that you, as a user, have access to. Examples of SaaS are Google Drive, Office 365, or Salesforce.

The shared responsibility in the cloud

By this point, I’m sure you know the different cloud deployment models and service types, so now let’s dive into the main topic of this article: shared responsibility.

This concept has emerged to better understand which aspects you have to focus on as a cloud customer, and which aspects the cloud provider is responsible for. This model is organized into 7 key points:

  • 📄 Data classification and accountability: the responsibility for managing and classifying data, and for meeting any compliance obligation, is always on the customer side. The cloud provider offers you a set of tools to help you with that task, like data encryption, data loss prevention, auditing, and so on.
  • 🛡 Client protection: refers to the devices (both mobile and PC) used by end-users to access the cloud. This is also entirely the customer’s responsibility.
  • 🔑 Identity and access management: this is an important point for any organization since it provides the capability to access cloud resources. Identity refers to who (which specific user) is accessing your cloud, and access controls which specific services this user can use. In PaaS and SaaS, it is a shared responsibility between the customer and the cloud provider. Also, the cloud provider will offer you a toolset to manage the security of both authentication and authorization, like multi-factor authentication (MFA), role-based access control (RBAC), or auditing.
  • 🗃 Application controls: using managed applications is a way to reduce the responsibility for managing the application layer, like patch management, anti-malware, or configuration of the underlying platform. In IaaS, the customer has the complete responsibility but, in PaaS, the customer only has to configure it and the cloud provider will take care of the other aspects. In SaaS, this point is fully managed by your service provider.
  • 📡 Network controls: includes the configuration, management, and securing of the network layer, such as DNS, gateways, load balancing, or virtual networking. In both IaaS and PaaS, this point is shared between the customer and the service provider, but with differences. In PaaS, most of the configuration and management is on the service provider side, but the customer has a small responsibility. In SaaS, most of the responsibility lies with the service provider.
  • 🏗 Host infrastructure: includes the configuration, management, and securing of compute (such as containers or virtual hosts), storage (such as CDN or object storage), and platform services. In IaaS, this is a shared responsibility. While the customer has more control over the infrastructure, the cloud provider must ensure that the underlying elements can communicate and are configured correctly. At a higher level of abstraction (PaaS and SaaS), the service provider is responsible for this point.
  • 🏢 Physical security: unlike the on-premise approach, the service provider is always responsible (in all 3 models) for physical security, like maintaining and securing the building, the server rooms, the server power and cooling, or replacing defective or old components, like hard drives or processors.
👤 represents the customer, and 🏭 represents the service provider

Summary

In a constantly changing world, reducing the time-to-market and adapting your IT capacity to the demand are two key points that can translate into a competitive advantage. Like you and me, everyone needs to continually adapt their business to new market demands. Also, it is important to understand that in today’s world, everybody expects technology to work perfectly. Furthermore, a product that does not work properly or performs badly can become a reason for customers to switch to a competitor.

As we discussed in the previous post, the cloud has numerous advantages. However, we cannot ignore certain aspects. In this article, we have detailed the main points to focus on. Depending on the service model, the cloud provider will have some responsibility and, on the other side, we as customers have to take action.

Thanks for reading the second post of the Data in the cloud series. In the next article, we will focus on cloud security and compare it with on-premise solutions.

