In the Software as a Service (SaaS) model, data security is a shared responsibility between the cloud provider and the enterprise. Managing Cloud principles explain that while the cloud service provider is responsible for securing the infrastructure, platform, and application itself, the customer retains responsibility for how data is used, classified, accessed, and governed.
The provider ensures data is protected through encryption mechanisms, availability controls, and secure storage, while the enterprise is responsible for data ownership, access permissions, identity management, and compliance with regulatory requirements. This shared ownership requires close coordination to ensure confidentiality, integrity, and availability of data.
Application, platform, and physical security are primarily the provider’s responsibility in SaaS. Therefore, data is the correct answer.
