Copyright (c) 2025 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.

1.4.2. Shared Responsibility: Customer's Role

First Principle: The customer is responsible for "security in the cloud," securing their own data, applications, identities, and network configurations within the Azure services they consume.

Under the Azure Shared Responsibility Model, Microsoft secures the underlying platform, while the customer handles "security in the cloud": the security of their data, applications, and configurations within the Azure environment.

Key Customer Responsibilities ("Security in the Cloud"):
  • "Application Code": Securing your own application code, including input validation, secure coding practices, and protection against common vulnerabilities (e.g., "OWASP Top 10").
  • "Data Security": Data encryption (at rest and in transit), data integrity, and data classification for data stored in Azure Storage, Azure SQL Database, etc.
  • "Identity and Access Management": Configuring Entra ID users, groups, and "Role-Based Access Control (RBAC)" policies for your applications and resources.
  • "Network Configuration": Configuring "Network Security Groups (NSGs)", "Azure Firewall", and "Virtual Network (VNet)" settings for your application's components.
  • "Guest Operating System (for IaaS)": Applying patches, security updates, and firewall configurations for the operating system running on Azure Virtual Machines.
  • "Security Monitoring": Configuring "Azure Monitor alerts" and reviewing "Azure Activity Logs" and "Resource Logs" for your application.

Scenario: You have developed a web application that stores sensitive customer data in an Azure SQL Database. You need to ensure the application code is secure, data is encrypted, and user access is properly managed.
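For the scenario above, several of the customer-side settings can be checked before deployment. The sketch below is an added example, not part of the original course material: it audits a constructed ARM-template fragment for network and transport settings the customer controls. The resource names and the choice to report a missing setting as a finding are assumptions of this example.

```python
import json
# Constructed ARM-template fragment (sample input, not from the original page).
TEMPLATE = json.loads("""
{"resources": [
  {"type": "Microsoft.Sql/servers", "name": "sql-demo",
   "properties": {"publicNetworkAccess": "Enabled", "minimalTlsVersion": "1.0"}},
  {"type": "Microsoft.Sql/servers/firewallRules", "name": "sql-demo/allow-all",
   "properties": {"startIpAddress": "0.0.0.0", "endIpAddress": "255.255.255.255"}},
  {"type": "Microsoft.Storage/storageAccounts", "name": "stdemo",
   "properties": {"supportsHttpsTrafficOnly": true}},
  {"type": "Microsoft.Network/networkSecurityGroups", "name": "nsg-web",
   "properties": {"securityRules": [
     {"name": "ssh-any", "properties": {"direction": "Inbound", "access": "Allow",
      "sourceAddressPrefix": "*", "destinationPortRange": "22"}},
     {"name": "https-any", "properties": {"direction": "Inbound", "access": "Allow",
      "sourceAddressPrefix": "*", "destinationPortRange": "443"}}]}}
]}
""")

ANY_SOURCE = {"*", "0.0.0.0/0", "Internet"}
MGMT_PORTS = {"22", "3389"}  # SSH and RDP

def audit(template):
    """Return (resource, finding) pairs; a missing setting is reported too."""
    out = []
    for res in template.get("resources", []):
        rtype, name, p = res["type"], res["name"], res.get("properties", {})
        if rtype == "Microsoft.Sql/servers":
            if p.get("publicNetworkAccess") != "Disabled":
                out.append((name, "public network access not disabled"))
            if p.get("minimalTlsVersion") not in ("1.2", "1.3"):
                out.append((name, "TLS below 1.2 accepted"))
        elif rtype == "Microsoft.Sql/servers/firewallRules":
            if (p.get("startIpAddress"), p.get("endIpAddress")) == ("0.0.0.0", "255.255.255.255"):
                out.append((name, "firewall rule allows every IPv4 address"))
        elif rtype == "Microsoft.Storage/storageAccounts":
            if p.get("supportsHttpsTrafficOnly") is not True:
                out.append((name, "HTTPS-only transfer not enforced"))
        elif rtype == "Microsoft.Network/networkSecurityGroups":
            for rule in p.get("securityRules", []):
                r = rule.get("properties", {})
                if (r.get("direction") == "Inbound" and r.get("access") == "Allow"
                        and r.get("sourceAddressPrefix") in ANY_SOURCE
                        and r.get("destinationPortRange") in MGMT_PORTS):
                    out.append((name, f"rule {rule['name']} opens port {r['destinationPortRange']} to any source"))
    return out

if __name__ == "__main__":
    print("\n".join(f"{n}: {f}" for n, f in audit(TEMPLATE)))
```

The NSG check reads only the singular `sourceAddressPrefix` and `destinationPortRange` properties; rules that use the plural list forms or a port range such as `20-25` need additional handling.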

Reflection Question: How does a developer's responsibility for "security in the cloud" (e.g., securing application code, encrypting data, configuring access controls) fundamentally impact the overall security posture of an Azure-hosted application, even though Microsoft secures the underlying platform?