Certificate of Cloud Auditing Knowledge (CCAK) — Question 4

When using a SaaS solution, who is responsible for application security?

Answer options

• A. The cloud service provider only
• B. The cloud service consumer only
• C. Both cloud consumer and the enterprise
• D. Both cloud provider and the consumer

Correct answer: D

Explanation

The correct answer is D because both the cloud provider and the consumer share responsibilities for application security. The provider secures the infrastructure and application itself, while the consumer is responsible for user access and data security. Options A and B incorrectly suggest that only one party is responsible, and option C does not fully encompass the provider's role.