The Shared Responsibility Model, aka It’s your data so you need to back it up

While SaaS, PaaS and IaaS are great technologies, and can prove very useful to many businesses, there are some caveats. One of these caveats is the Shared Responsibility Model.

On Premises Hardware, Software and Data

When a business runs it’s own mail servers and sharepoint servers within the office building, it is a given that they are responsible for all of the IT hardware, software, and the data. Backups onsite and disaster recovery offsite are a well understood requirement. But what happens if you choose to take advantage of any cloud based technology? What if you want to move some things to the cloud and keep some data onsite? What if you want to go to the cloud completely?

All things as a Service

Today we have Software as a Service, (SaaS), Platform as a Service, (PaaS) and Infrastructure as a Service, (IaaS).

SaaS allows for the hosting of line of business applications, and the servers they run on, in the cloud. This would mean, Word, Excel, Outlook, Exchange Servers and all the data that these applications create a pass reside in the cloud. PaaS does much the same, but it is geared towards the development and scaling of applications and software. IaaS allows for the hosting of servers and their workloads in the cloud, thus relieving the end user of the need to house, cool, power and maintain these systems.

Moving from IaaS to Saas, we are shifting the shared responsibility for the maintenance of the components that combine to provide our Information Technology environment. With IaaS we no longer have to worry about the responsibility for our server and networking hardware. Moving to PaaS, we no longer worry about our server Operating Systems and to varying degrees, our network and application controls. Choosing SaaS, we have the least responsibility for our hardware and applications. Pretty much all we need is a laptop and a connection to the internet, everything else is in the cloud.

However, there is one component that we always have to be concerned about, and that is our Data! Regardless of you much responsibility you hand over to a cloud host, your data is your responsibility. Always!

Shared Responsibility in the cloud

For Azure, the shared responsibility model leaves a hole that needs to be filled, and there are no really good native solutions for backing up your data. Although the data stores may well be Fault Tolerant, they are not immune to  data corruption or data deletion.

Taking care of your data responsibilities

There are 3rd party applications that can help fill this gap and preserve your data. The front runners here would be Druva, Veeam and Acronis. These companies all have their strengths. For our purposes we will need to back up Exchange mailboxes, Sharepoint sites, OneDrive folders and Teams data. Our backups need to be version-able to allow for a clean restore of data in case of a ransomware breach. The ability to restore historic files containing essential data is also a big plus. Secure data transfer and storage is also an absolute requirement.

Druva InSync Diagram

For my money, Druva does all of this and more, centrally managed, secure and for a very reasonable price per user.


If you use MS 365, whether it is just for email or for the entire suite of applications, you need to be backing up your data. Remember, when it comes to responsibility for your data, your cloud provider, whoever they may be, they have already washed their hands of that responsibility.