Understanding Responsibility Segregation in Azure Cloud Architecture

by Scott Gerold - October 5, 2023

Understanding the segregation of responsibility in the cloud is critical when designing a cloud architecture.  It is essential that we understand those services and resources that fall under the responsibility of Microsoft Azure, the customer, or shared between Azure and the customer in order to manage cloud resources effectively. 

The segregation of responsibility and customer control is demonstrated across the 3 different Azure deployment models.

Infrastructure as a Service (IaaS): is virtual computing in the cloud and provides us the means to build full IT infrastructures. Azure will take care of the physical components while customer are mostly responsible for maintaining and governing their own infrastructure.   Examples include:

  • Azure Virtual Machines
  • Azure Virtual Networks
  • Azure Blob Storage

Platform as a Service (PaaS):  is a platform for building, deploying and managing applications without having to worry about the infrastructure.   Azure abstracts the underlying infrastructure.  Customers are responsible for their own code, data, and applications while deploying them on infrastructure controlled by Azure.   Examples include:

  • Azure App Services
  • Azure Functions
  • Azure SQL Database

Software as a Service (SaaS): is software applications over the internet usually available on a subscription basis.   Providers are responsible for all aspects of the application infrastructure, maintenance, and updates.  Users access the software via the internet with no responsibilities other than their data.  Examples include:

  • Microsoft 365
  • Azure DevOps Services
  • Azure Active Directory

The diagram below from Microsoft Learn breaks down the responsibilities of Microsoft, Customer, or both among the deployment models. 

The customer will always be responsible for all services, processes, and resources when we are looking at on-prem.   This is fairly obvious.    The customer will also be responsible for all information or data, devices (hardware), and accounts and/or identities, regardless of on-prem or residing in the cloud.

You will be able to manage and secure your Azure environments and ultimately deliver an architecture with best practices by fully understanding the segregation of responsibilities for Azure Cloud.

Scott Gerold is the Practice Lead, Application Development & Integration Services for Star Seven Six, Ltd. A professional solutions architect with over 20 years experience. He has a strong background in software architecture, software development, Cloud platforms, and Agile methodologies including Scrum, SAFE, Kanban, and XP.