Shared Responsibility Model for Cloud Platforms (GCP, AWS and Azure)

Infrastructure as a Service (Iaas) public cloud services are all governed by what is commonly referred to as the Shared Responsibility Model.

The shared security model defines the relationship, and roles and responsibilities between cloud providers and customers. If you're unfamiliar with the shared responsibility model for cloud computing, Dominique West provides an excellent introduction on LinkedIn Learning in under 5 minutes.


  • The cloud vendor (GCP, AWS or Azure) has responsibility for the "Security of the Cloud"
  • The customer (individual account holder) has responsibility for "Security in the Cloud"

Shared Responsibility Model Diagram

(Original image courtesy of CloudCheckr)

The UW has implemented some tools & best practices to help faculty and staff meet their responsibilities, but the account owner still maintains the responsibility to achieve & maintain the appropriate security controls per campus policy. The cloud team can advise and consult on best practices (Contact the Public Cloud Team).   

This approach enables faculty and staff the flexibility to leverage the many different services and the flexibility of the public cloud providers, while working with valuable institutional or research data, without imposing limitations or restrictive guidelines for use. Campus has other services that are eligible for use with Restricted and Sensitive data, so if you and / or your local IT department have concerns or questions regarding these responsibilities, please reach out to us. We are happy to help you make an informed decision on what meets your needs.

Some resources for better understanding the Shared Responsibility Model

Keywordsgoogle gcp data elements classification restricted sensitive internal public security baa shared responsibility model aws amazon azure microsoft   Doc ID115300
OwnerSteve T.GroupPublic Cloud
Created2021-12-17 12:09:22Updated2021-12-20 15:46:39
SitesPublic Cloud
Feedback  0   0