Explore the Posture Control Workshop to see how our platform fast-tracks cloud native application security.
- See The Difference
- What is Zero Trust The strategy on which Zscaler was built
- How Zscaler Delivers Zero Trust A platform that enforces policy based on context
- Zero Trust Resources Learn its principles, benefits, strategies
![Zscaler transformation]( "Zscaler transformation")
See how the Zero Trust Exchange can help you leverage cloud, mobility, AI, IoT, and OT technologies to become more agile and reduce risk
- Customer Success Stories Hear first-hand transformation stories
- Analyst Recognition Industry experts weigh in on Zscaler
- See the Zscaler Cloud in Action Traffic processed, malware blocked, and more
- Experience the Difference Get started with zero trust
![Zscaler transformation]( "Zscaler transformation")
See how the Zero Trust Exchange can help you leverage cloud, mobility, AI, IoT, and OT technologies to become more agile and reduce risk
- Products & Solutions
- Secure Your Users Provide users with seamless, secure, reliable access to applications and data. Secure Your Workloads Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud. Secure Your OT and IoT Provide zero trust connectivity for OT and IoT devices and secure remote access to OT systems.
- Products Transform your organization with 100% cloud-native services
- Solutions Propel your business with zero trust solutions that secure and connect your resources
![Zscaler workplace enablement]( "Zscaler workplace enablement")
Make hybrid work possibleGet StartedSecure work from anywhere, protect data, and deliver the best experience possible for users
- Industries Our ecosystem of zero trust partners
- Partner Integrations Simplified deployment and management
![Zscaler industry partners]( "Zscaler industry partners")
Secure your ServiceNow DeploymentGet StartedIt’s time to protect your ServiceNow data better and respond to security incidents quicker
- Platform
- Platform Overview Unified platform for transformation
- Capabilities Integrated services, infinitely scalable
![Zscaler transformation]( "Zscaler transformation")
Accelerate your transformationLearn MoreProtect and empower your business by leveraging the platform, process and people skills to accelerate your zero trust initiatives
![Gartner Report]( "Gartner Report")
Gartner Magic Quadrant LeaderRead ReportZscaler: A Leader in the Gartner® Magic Quadrant™ for Security Service Edge (SSE) New Positioned Highest in the Ability to Execute
- Resources
- Content Library Explore topics that will inform your journey
- Blog Perspectives from technology and transformation leaders
- Security Assessment Toolkit Analyze your environment to see where you could be exposed
- Webinars and Demos A first-hand look into important topics
- Executive Insights App Security insights at your fingertips
- Ransomware ROI Calculator Assess the ROI of ransomware risk reduction
- Training and Certifications Engaging learning experiences, live training, and certifications
- Customer Success Center Quickly connect to resources to accelerate your transformation
- Customer Success Stories Hear first-hand transformation stories
![Customer success center]( "Customer success center")
- Security & Threat Analytics Threat dashboards, cloud activity, IoT, and more
- Security Advisories News about security events and protections
- Vulnerability Disclosure Program Webinars, training, demos, and more
- Trust Portal Zscaler cloud status and advisories
![Zscaler resources]( "Zscaler resources")
- Company
- About Zscaler How it began, where it’s going
- Leadership Meet our management team
- Investor Relations News, stock information, and quarterly reports
- Compliance Our adherence to rigorous standards
- ESG Our Environmental, Social, and Governance approach
- Events Upcoming opportunities to meet with Zscaler
![Careet at Zscaler]( "Careet at Zscaler")
Zscaler CareersApply NowJoin a recognized leader in Zero trust to help organization transform securely
- Media Center News, blogs, events, photos, logos, and other brand assets
- News and Press Zscaler in the news
![Careet at Zscaler]( "Careet at Zscaler")
Zscaler CareersApply NowJoin a recognized leader in Zero trust to help organization transform securely
- Partner Portal Tools and resources for Zscaler partners
- Summit Partner Program Collaborating to ensure customer success
- System Integrators Helping joint customers become cloud-first companies
- Service Providers Delivering an integrated platform of services
- Technology Deep integrations simplify cloud migration
- Partner Inquiry Become a Zscaler partner
![Careet at Zscaler]( "Careet at Zscaler")
Zscaler CareersApply NowJoin a recognized leader in Zero trust to help organization transform securely
-
What Is a Shared Responsibility Model? A shared responsibility model is a cloud security and risk framework that delineates which cybersecurity processes and responsibilities lie with a cloud service provider (CSP) and which lie with the customer. With more IT architectures moving to the cloud, a shared responsibility model promotes tighter security and establishes accountability as it relates to the security of the cloud.
Why Are Shared Responsibility Models Important?
In an on-premises data center environment, security responsibility rests solely with the owner. Accountability for maintaining security controls, patching, and physical infrastructure falls to the organization’s security team (or other responsible party, such as IT), never the hardware vendor(s). However, when portions of a network use or are composed of private or public cloud services, some security responsibilities fall to the CSP.
This is where a shared responsibility model comes in, outlining precisely which security duties, data states, locations, and so on are in the CSP’s domain and which are in the customer’s. Microsoft Azure, Google Cloud, Amazon Web Services (AWS), and other CSPs each have their own model, tailored to their specific offerings.
How Shared Responsibility Models Work
Most shared responsibility models hold you, the customer, responsible for anything under your direct control: data, credentials, and configurations, as well as any functionality that sits outside the CSP’s cloud resources, such as your organization’s firewalls and other internal network security.
A lack of clarity around responsibilities can contribute to misconfigurations that weaken your security posture and ultimately cause cloud security failures, so it’s critical that you understand where your organization’s security duties lie in relation to your providers’.
Different Types of Shared Responsibility Models
How responsibility is divided depends on the type of cloud service you’re using. You’ll always be responsible for securing your data, devices, accounts, and access management. Likewise, CSPs will always be responsible for securing the physical infrastructure—their hosts, data centers, and networks. Let’s look at where other differences come into play:
- Software as a service (SaaS): The CSP assumes security responsibility for the operating systems, network controls, and applications that make up the service, as well as data generated in the service. Responsibility varies for identity and directory infrastructure.
- Platform as a service (PaaS): Here, the onus is generally less on the cloud vendor, with the security responsibility for network controls, apps, and ID/directory infrastructure varying from one service to the next. However, they’re still responsible for the operating system.
- Infrastructure as a service (IaaS): CSPs assume the least responsibility here, with the burden solely on the customer to secure everything except for the CSP’s physical infrastructure. The customer handles all OS and application patching as well as network controls.
Advantages of a Shared Responsibility Model
In itself, the reduced customer responsibility of a cloud service is a major benefit when compared to the total liability you take on with your private on-premises infrastructure, but there’s more to be had. Sharing cloud security responsibility with a service provider also lets you take advantage of:
- Lower costs: Simply put, leveraging a provider’s security and infrastructure means less management on your end, which saves you the price of additional resources that could stretch your budget.
- Improved cybersecurity: Clearly delineating security responsibilities in cloud infrastructure reduces the risk of mistakes that lead to vulnerabilities and data breaches.
- Reduced operational burden: The more security responsibility your CSP takes on, the more time your team will have to focus on other priorities.
Challenges of Shared Responsibility
Adopting the cloud and sharing responsibility has plenty of advantages, but there are still certain potential challenges to consider.
Compliance and Ultimate Responsibility
First and foremost, you need to be able to trust your provider with your data. Your organization’s data security policies, be they internal rules or external regulations, carry a lot of influence here. If you’re selecting a provider, make sure you understand what you’re agreeing to. In many cases, your organization will still ultimately be culpable if those rules or regulations are violated in a data breach.
Understanding and Adapting
To keep up your end of the security bargain, you need to understand exactly where your responsibilities end and the CSP’s begin. Your personnel also need to know how to use the CSP’s tools and navigate their controls to avoid introducing vulnerabilities. Beyond that, you need to be able to adapt when architectures and systems change—like when new integrations are introduced—so you and your workloads stay secure.
Shared Responsibility Best Practices
The best practices specific to a given responsibility model come down to your unique needs and the provider’s offering, but there are some general practices to keep in mind in any shared security responsibility situation:
- Prioritize data security and your other responsibilities. Since you’re responsible for securing your data, endpoint devices, user credentials, and access management no matter which type of cloud service you’re using, make it a priority to meet those obligations. This extends to outlining duties and responsibilities within your own organization.
- Know what you’ve agreed to and be ready to respond to changes. A provider’s service-level agreement (SLA) will precisely lay out both their responsibilities and yours. However, they’re rarely written in stone, so it’s important to keep an eye out for updates a CSP may make to their SLAs and act accordingly if they affect your cloud environment.
- Use modern security and visibility tools. Managing security in a cloud environment can get extremely complicated given the sheer amount of resources, levels of permission, APIs, potential attack vectors, and so on. Make sure you’re staying up to date on the latest innovations in security operations and threat hunting capabilities and how you could adopt them.
How Can Your Organization Stay Secure in the Cloud?
The cloud is where modern business lives. Few would debate that. What’s equally undeniable, though, is that using cloud services opens up your users, endpoints, and data to new risks. A crucial piece of protecting yourself from those risks is ensuring you completely understand your security responsibilities.
That’s only one piece, however. Holding up your responsibilities can be a daunting proposition when you’re dealing with third-party partners, multiple supply chains, and the growing risks of ransomware, phishing, and other advanced attacks that target your endpoints, credentials, and data. These facets of your security will always fall to you, and with so many possible avenues for attacks and data loss, it’s paramount that you choose the right security partners.
Secure Your Digital Transformation with Zscaler
Zscaler can help you take advantage of all the cloud has to offer—flexibility, scale, reach, ease of use, and more—securely.
Posture Control by Zscaler is a unified, high-performance, cloud native platform built from the ground up to prioritize infrastructure and application security risks in distributed clouds and across the development and DevOps lifecycles, helping you maintain:
Secure Configurations
Maintain comprehensive CSPM controls across cloud infrastructure, resources, data, and identities.
Secure Entitlements
Secure human and machine identities while enforcing least-privileged access.
Secure Infrastructure as Code
Shift security left with the developer and DevOps workflows to fix vulnerabilities and compliance issues.
Secure Data
Secure confidential data across multiple cloud repositories while maintaining visibility, control, and compliance.
Secure Workloads and Applications
Leverage zero trust to agentlessly secure hosts, containers, and serverless functions across the full app lifecycle.
Suggested Resources
-
SaaS, IaaS, and PaaS: What the shared responsibility model means for zero trust
Read the blog -
What Is a Cloud Native Application Protection Platform (CNAPP)?
Learn more -
Posture Control for Cloud Native Applications
Take a look -
Posture Control by Zscaler
Find out more