Palo Alto Networks Cybersecurity-Practitioner Exam - Topic 3 Question 11 Discussion

Data security is the only type of security that the customer is fully responsible for when using a SaaS application. Data security refers to the protection of data from unauthorized access, use, modification, deletion, or disclosure.Data security includes aspects such as encryption, backup, recovery, access control, and compliance12. The customer is responsible for ensuring that their data is secure in transit and at rest, and that they comply with any applicable regulations or policies regarding their data.

The other types of security - physical, platform, and infrastructure - are the responsibility of the SaaS provider. Physical security refers to the protection of the hardware and facilities that host the SaaS application. Platform security refers to the protection of the software and services that run the SaaS application. Infrastructure security refers to the protection of the network and systems that support the SaaS application.The SaaS provider is responsible for ensuring that these layers of security are maintained and updated, and that they meet the required standards and certifications34.Reference:

SaaS and the Shared Security Model

A Guide to SaaS Shared Responsibility Model

The Shared Responsibility Model for Security in The Cloud (IaaS, PaaS & SaaS)

Shared responsibility in the cloud