The Shared Responsibility Model & Microsoft 365

Shared Responsibility Model MS 365 Security

The shared responsibility model. You may have heard of it, but do you know what it is or what it means for your business? Before we jump in, there are a few things that you need to understand about your cyber security. 

With more and more businesses using cloud services like Microsoft 365 (MS 365), they are starting to become the standard. And though we do recommend the use of the cloud, you must also assess your risks when using these platforms. Take a minute to think about what could happen, even if you think there is little to no chance a breach or cyber attack could happen to you, they need to be considered.

We often hear businesses say that they don’t need to worry about cyber security because they’ve never been breached or hit with ransomware. Former IBM Ginni Rometty said cybercrime “the greatest threat to every profession, every industry, every company in the world.”  and Former FBI Director James Comey said “There are two kinds of companies in the United States. There are those who’ve been hacked … and those who don’t know they’ve been hacked.” 

At this point, the discussion about cyber attacks should be based on the assumption that every business will eventually by affected. It’s time make cybersecurity a priority and to protect your organization, employees and clients.

Not sure if your 365 is secure? Download this free checklist.

What Is the Shared Responsibility Model?

In an on-premises datacenter you are responsible for everything including security.  As you move workloads to the cloud, some responsibilities transfer to the Cloud Service Provide (CSP), hence the concept Shared Responsibility model.

When moving workloads to the cloud  it’s critical to understand the shared responsibility model including which security tasks the CSP is responsible for and and which tasks your organization is responsible for.  They will vary depending on whether the workload is hosted on Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS), or in an on-premises datacenter

With cloud services improving and evolving, people often use them with blind trust and a lack of understanding of who is responsible for what. They assume that because the technology is advancing, they are going to be kept safe when using the cloud. But that is typically not the case when you are running with the default settings.

It’s On YOU: Cloud Security

Cloud services are not responsible for protecting your information. That bears repeating. It is your responsibility to keep your business safe. Understanding your risks is critical, because breaches, ransomware and other attacks are not scary hypotheticals, they actually happen with increasing regularity and impact. You need to understand what the cloud will do to assist you in protecting yourself, and what you need to take upon yourself.

Microsoft 365 Shared Responsibility Model

With Microsoft 365, there are a variety of aspects to the shared responsibility model. Here are the most critical to take into your own hands:

  • Microsoft 365 is NOT obligated to protect the loss of your data in the instance of an app outage. Though Microsoft takes many measures to keep service up and running, in the instance of an outage, there may be a loss of your data. You need to know that Microsoft is not liable for this. Microsoft makes it clear that in order to keep your data safe, you should back it up with a third-party application
  • Microsoft is NOT liable for data loss due to a deprovisioned user account. Their policy states that information is kept for 90 days after the termination of an account. If you terminate your MS 365 account and do not retrieve or back up your information with a third party, it will be permanently lost after the 90-day period is up. 
  • Microsoft is NOT liable for data loss as a result of data that was inadvertently or maliciously deleted.  If a user accidentally or maliciously deletes data and it is not discovered for more than 90 days, it is lost forever.

Backups aren’t the only security concern. Microsoft 365 comes with a variety of security features, but it is up to you to configure them for your business. Check out the 21 critical controls we recommend in our Microsoft 365 Security Checklist.

Now What?

After hearing about what actions you need to take, you might be wondering where to start. We recommend Datto SaaS Protection, which is  a powerful and secure backup solution for your MS 365 tenant. If you want to learn more, feel free to contact us or book a no-obligation consultation so we can help. 

We’ve also created the Microsoft 365 Security Checklist to help you make sure your MS 365 Security is configured correctly. It’s a free resource that could save you time, money and damage from a cyber attack.

Download the Checklist

Intrust IT Intrustimonials

Intrust Man

Intrust Man may be small, but he is mighty smart. You can trust this clever cartoon hero to provide news you can use.

Share this Blog

Enterprise Password Management Promo Wide

Is Your Name or Birthday a Part of Your Password?

If so, you’re a part of the 59 percent of people who don’t follow proper password hygiene. More than 70 percent of passwords are used for more than one system, meaning if cybercriminals crack one, they can access a lot more accounts.

Our free Enterprise Password Management Guide will give you the best password hygiene practices to help you secure your computer and your business.

Download the Guide

Explore the Latest Trends in IT

Fundamentals of Information Technology Management - Intrust

IT 101: What Is Information Technology Management?

When was the last time you stopped to think about how your business relies on technology? Information technology management is...
Avoid Pig-Butchering - Intrust IT

Pig-Butchering Scams: What They Are and How to Stay Safe

At Intrust IT, we understand that it may feel like the specter of cybersecurity is always breathing down your neck....
3 Reasons to Replace Aging Equipment - Intrust IT

Three Compelling Reasons Your Company Should Replace Its Aging Computers Before Year-End

As the end of the year approaches, businesses everywhere are evaluating their budgets and looking for strategic opportunities to invest...
What are managed services - Intrust IT

What Are Managed Services? And What Are the Benefits?

Running a business in today’s tech-driven world means you need reliable IT infrastructure. But let’s be honest, managing IT in-house...
Windows 10 End of Life How This Could Impact Your Business - Intrust IT

Windows 10 End of Life: How It Could Impact Your Business

As Microsoft officially plans to end support for Windows 10 on October 14, 2025, businesses need to begin thinking ahead....
AI implementation Roadmap Intrust IT

Master AI Integration With Our AI Implementation Roadmap Guide

AI is one of the greatest technological breakthroughs of the last few years. It has become our handy assistant, data...