What is a Shared Responsibility Model in Software as a  Service?

Software as a service (SaaS), sometimes called on-demand software, is one of the many benefits of the migration to the cloud. SaaS offerings follow a subscription-based model, and allow IT staff to remain focused on high-value tasks for the business, executing strategies quickly and more effectively. However, an often-overlooked aspect of utilizing SaaS, is who is responsible when an issue arises.

Typically, the SaaS provider will publish an SLA with roles and responsibilities as it relates to the service, and in most cases, the roles and responsibilities will follow a shared responsibility model. In a shared responsibility model, the SaaS provider and the customer will each be responsible for various components that make up the service. The SaaS provider will be responsible for things under their control, such as physical infrastructure, environmental, and compute infrastructure, and the client is responsible for transporting and securing the data that is part of the SaaS offering.

One of the largest SaaS offerings on the market is Microsoft Office 365, and they do a great job of showing what the shared responsibility is (see below).

 

Microsoft shared responsibility model

 

As depicted in the Microsoft Office 365 shared responsibility diagram, the customer is responsible for the information and data that is stored in Microsoft Office 365. For example, without any additional backup protection, Microsoft can only retrieve data deleted within their limited 14-day retention period, showing you how important it is to protect that data. Additionally, it needs to meet the retention requirements identified by the organization. With the increase in the remote workforce (and the amount of data being utilized in applications like email, One Drive, Share Point, and now Teams), it’s critical that this data is not forgotten, especially as it relates to data protection and/or compliance. This isn't just Microsoft though. Most SaaS providers follow similar models of shared responsibility, and without proper backup, that data is extremely vulnerable.  

If you’re using Microsoft Office 365 or another SaaS offering and you aren’t able to properly back it up, or you aren't sure if you hold the responsibility of doing so, consider DSM, Florida’s preferred cloud provider. DSM protects your data wherever you store it: on-site, off-site, in the private or public cloud, and even hybrid environments. For systems of all sizes, DSM ensures ready, reliable access to your essential data. 

For more information on how DSM can help your business, contact our team of experts today. 

Related posts