How well do you know?

Shared Responsibility


Understanding cloud security means knowing that the shared responsibility model isn't designed for your protection. Cloud service providers (CSPs) secure the infrastructure of the cloud, while you're responsible for protecting your infrastructure in the cloud. Take our interactive quiz to see if you know where your responsibility begins and your cloud provider's ends. You can complete the quiz by category—answer eight questions each in the IaaS, SaaS, and/or PaaS groups—or respond to every question across all three categories.

SaaS (Software-as-a-Service)

IaaS (Infrastructure-as-a-Service)

PaaS (Platform-as-a-Service)

SaaS

Guest OS

Whose responsibility?

You
CSP

SaaS

Network

Whose responsibility?

You
CSP

SaaS

Physical

Whose responsibility?

You
CSP

SaaS

Virtualization

Whose responsibility?

You
CSP

SaaS

Data

Whose responsibility?

You
CSP

SaaS

Application

Whose responsibility?

You
CSP

SaaS

User Access/Identity

Whose responsibility?

You
CSP

SaaS

Infrastructure

Whose responsibility?

You
CSP

SaaS guest OS is managed by the CSP

As a SaaS customer, you're only responsible for securing your data and managing user access and identity.

SaaS network is managed by the CSP

Your CSP secures its network, but you still want visibility into the traffic traversing it because of threats to your workloads on the network.

SaaS physical is managed by the CSP

CSPs promise failures will never occur at this layer. That's why they limit access to physical data centers and build in layers of redundancy in case anything goes wrong at a remote location.

SaaS virtualization is managed by the CSP

While your CSP will secure its virtualized environments, you'll still want the ability to monitor activities to quickly identify security threats that could affect your data.

SaaS data is managed by you

You're in charge of securing your data against misconfigurations, insecure APIs, unauthorized access, and other risks in every cloud model.

SaaS applications are managed by the CSP

As a SaaS customer, you're only responsible for securing your data and managing user access and identity. However, visibility into SaaS application traffic can help you determine if threats are in your environment or the vendor's.

SaaS user access/identity is managed by you

SaaS is where the CSP plays the most comprehensive role, but that doesn't relieve you of your security responsibility. In the cloud SaaS model, implementation is not your concern. However, knowing which subnets are talking to which subnets is critical.

SaaS infrastructure is managed by the CSP

Your CSP is responsible for securing the servers, databases, and code that make their SaaS offerings possible.

IaaS guest OS is managed by you

You're responsible for configuring, maintaining, and securing the guest OS. For example, you have to manually patch the OS every time there is a critical update.

IaaS network is managed by the CSP

Your CSP provides network connectivity similar to how they offer infrastructure for compute resources and storage. However, you're responsible for managing the application layer of a software-defined network (SDN), which includes vNets and virtual private clouds (VPCs).

IaaS physical is managed by the CSP

CSPs promise that the physical layer will never be your responsibility. That's why they limit access to physical data centers and build in layers of redundancy in case anything goes wrong at a remote location.

IaaS virtualization is managed by the CSP

The CSP is responsible for securing their virtual machines, but you're in charge of securing anything you attach to them.

IaaS data is managed by you

This one's fairly intuitive. It's your data, so data security is your responsibility. Your IaaS vendor's security responsibility ends at the point that connects their service to your workloads.

IaaS applications are managed by you

Your applications are your responsibility to configure, maintain, and secure. This requires continuous monitoring and real-time threat detection to determine when and where bad actors are attempting to exploit vulnerabilities.

IaaS user access/identity is managed by you

As with SaaS and PaaS, you're responsible for creating secure user access and identity policies for assets and resources on an IaaS offering. Your CSP ensures the security of their infrastructure, but you control access to everything you add.

IaaS infrastructure is managed by the CSP

CSPs secure the infrastructure of the cloud, but you're responsible for protecting everything you put in the cloud.

PaaS guest OS is managed by the CSP

Your CSP is responsible for securing the guest OS, but PaaS tools and philosophies are often under active development by the cloud vendor and therefore risky.

PaaS network is managed by the CSP

PaaS vendors are responsible for securing the network. However, you'll still want east-west visibility to ensure that you can protect your data and workloads. Ask your PaaS vendor questions up front to get a feel for what kind of network security they deploy.

PaaS physical is managed by the CSP

CSPs are responsible for securing their physical data centers. They limit access to remote locations and build in layers of redundancy in case anything goes wrong, up to and including damage from natural disasters.

PaaS virtualization is managed by the CSP

CSPs will manage virtualization, but it can trigger subtle problems—problems almost never encountered in conventional data centers—that can have devastating effects on application performance. Maintaining visibility and control in this area is critical.

PaaS data is managed by you

Securing your data is your responsibility, regardless of whether it lives in a PaaS, SaaS, or IaaS environment.

PaaS applications are managed by you

The application is written by you, and you're responsible for securing it. CSPs will provide a runtime such as Lambda or Azure Web Sites, but you are responsible for the development and testing of the application itself.

PaaS user access/identity is managed by you

You're responsible for managing user access and identity. Your CSP ensures the security of their infrastructure, but you control access to everything you add.

PaaS infrastructure is managed by the CSP

The CSP is responsible for securing its infrastructure. You're responsible for securing all your workloads running on the CSP's infrastructure.
