Certified Information Systems Security Professional (CISSP) — Question 237

As a design principle, which one of the following actors is responsible for identifying and approving data security requirement in a cloud ecosystem?

Answer options

• A. Cloud auditor
• B. Cloud broker
• C. Cloud provider
• D. Cloud consumer

Correct answer: D

Explanation

The correct answer is D, the Cloud consumer, as they are the ones who directly utilize the cloud services and thus define their security requirements. The Cloud auditor evaluates the security measures, the Cloud broker acts as an intermediary, and the Cloud provider offers the services but does not set the consumer's security needs.