Shared responsibility in the cloud

As you consider and evaluate public cloud services, it's critical to understand the shared responsibility model and which security tasks are handled by the cloud provider and which tasks are handled by you. The workload responsibilities vary depending on whether the workload is hosted on Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS), or in an on-premises datacenter.

Division of responsibility

In an on-premises datacenter, you own the whole stack. As you move to the cloud, some responsibilities transfer to Microsoft. The following diagram illustrates the areas of responsibility between you and Microsoft, according to the type of deployment of your stack.

Diagram: Areas of responsibility

For all cloud deployment types, you own your data and identities. You are responsible for protecting the security of your data and identities, on-premises resources, and the cloud components you control (which varies by service type).

Regardless of the type of deployment, the following responsibilities are always retained by you:

  • Data
  • Endpoints
  • Account
  • Access management

Cloud security advantages

The cloud offers significant advantages for solving long-standing information security challenges. In an on-premises environment, organizations likely have unmet responsibilities and limited resources available to invest in security, which creates an environment where attackers are able to exploit vulnerabilities at all layers.

The following diagram shows a traditional approach where many security responsibilities are unmet due to limited resources. In the cloud-enabled approach, you are able to shift day-to-day security responsibilities to your cloud provider and reallocate your resources.

Diagram: Security advantages of the cloud era

In the cloud-enabled approach, you are also able to leverage cloud-based security capabilities for more effectiveness and use cloud intelligence to improve your threat detection and response time. By shifting responsibilities to the cloud provider, organizations can get more security coverage, which enables them to reallocate security resources and budget to other business priorities.

Next steps

For more information on the division of responsibility between you and Microsoft in a SaaS, PaaS, and IaaS deployment, see Shared responsibilities for cloud computing.