Shared Responsibility: On-Prem, IaaS, PaaS, SaaS

Who patches and secures each layer? As you move right, the provider absorbs more of the stack — but the top never moves. Hover any layer for who owns it and an example.

Provider responsibility
Customer responsibility
On-Prem IaaS PaaS SaaS Physical facilities Network hardware Hypervisor Host OS Guest OS / VM Runtime / middleware Application Configuration Data & identities Physical facilities Network hardware Hypervisor Host OS Guest OS / VM Runtime / middleware Application Configuration Data & identities Physical facilities Network hardware Hypervisor Host OS Guest OS / VM Runtime / middleware Application Configuration Data & identities Physical facilities Network hardware Hypervisor Host OS Guest OS / VM Runtime / middleware Application Configuration Data & identities
In every model, data, identity, and configuration are always the customer's job.