In cloud security, what does the shared responsibility model describe?

Security responsibilities in the cloud are shared between the provider and the customer, and who handles what depends on the service model. The provider secures the underlying infrastructure—the physical data centers, networking, hardware, virtualization, and the foundational platform. The customer is responsible for the security of what they put into the cloud: their data, encryption keys, access controls, and the configurations and management of the services they use. In IaaS, this division means you manage the operating system, applications, and data, while the provider secures the infrastructure. In PaaS, the provider handles more of the stack, but you still secure your data and how you configure and access the platform. In SaaS, the provider runs most of the stack, and you focus mainly on data governance and user access rights. This reflects why the correct description is that the provider handles some layers (infrastructure) while the customer handles others (data, configurations) depending on the service model.