Exam CISSP topic 1 question 83 discussion

https://www.isc2.org/Articles/Responsibility-and-Accountability-in-the-Cloud Data Security - Customer responsibility

In all models of cloud, Data is always Customer's responsibility.

Copy form chapter 3.4: Users often mistakenly assume that their CSP is responsible for all security, but users have responsibility for securing their own storage and processing capabilities. So clear that is D

Answer D) Cloud Consumer is responsible for DATA SECURITY on IaaS - PaaS - SaaS https://www.isc2.org/insights/2021/02/responsibility-and-accountability-in-the-cloud

D. is the correct answer. Think of it like this; Who ever owns the data, decides how they want the data they own identified, classified and secured. The data owner always has the ultimate say and in this case, the cloud consumer would be considered the data owner. Imagine if the data being stored contained important propriatory information, would you as the owner of the data (the clod consumer) want the cloud provider deciding on how to classify and secure your data? Absolutely not. So in a very logical way, you can see that the correct answer is undeniably D.

The cloud consumer is the entity or organization that utilizes cloud services. In the context of data security, the cloud consumer plays a key role in identifying and specifying the security requirements for their data when using cloud services.

D is correct - generally cloud provider is responsible for some level of security but the wording here is Requirements and Approval, that is requested and approved by the consumer. cloud providers will make more money by selling different security packages to consumers.

Cloud consumer

the correct answer is C. Cloud provider. The Cloud provider is responsible for identifying and approving data security requirements in a cloud ecosystem. They are the ones who offer the cloud services and resources to the Cloud consumers. As part of their role, Cloud providers are expected to implement security measures and controls to protect the data and ensure compliance with applicable regulations and standards.

D. Cloud consumer is responsible for identifying and approving data security requirements in a cloud ecosystem as a design principle. A cloud consumer is the organization or individual who utilizes the cloud services offered by a cloud provider. As such, it is the responsibility of the cloud consumer to identify and approve the data security requirements for their specific use case and business needs. This includes assessing the risks and vulnerabilities associated with their data and applications, and determining the appropriate controls and safeguards that are required to protect them. The cloud consumer must also ensure that the cloud provider is able to meet these requirements,

100% Cloud Consumer. The cloud service provider does not take any responsibility of security lapse on customer.

Data in any cloud model is always owned by the customer and they are responsible to identifying and approving data security requirement. ! Consumers must have security consultants who decide the security requirements. ! I go with D

Answer D Page 12 of link explain : Because cloud Consumers retain ownership of the data residing in a cloud Ecosystem, they usually keep the security authorization in- house and are responsible for identifying all security requirements pertaining to the cloud Ecosystem’s hosting and processing of this data. Cloud Consumer A person or organization that maintains a business relationship with, and uses service from, Cloud Providers. Cloud Provider A person, organization, or entity responsible for making a service available to interested parties. Cloud Auditor A party that can conduct an independent assessment of cloud services, information system operations, performance and security of the cloud implementation. Cloud Broker An entity that manages the use, performance and delivery of cloud services, and negotiates relationships between Cloud Providers and Cloud Consumers. Cloud Carrier An intermediary that provides connectivity and transport of cloud services from Cloud Providers to Cloud Consumers. https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=919233

I with D.

For data security I am thinking of "D" - No matter if we are in the cloud...... We are still responsible for our data. YES it is stored in the cloud but if anything happens to the data. It's "US" the company in the news - not the cloud provider.

Cloud providers have multiple offerings that accommodate different information assurance levels.