Under the shared responsibility model for cloud security, the responsibility for the protection of the physical hardware and the foundational network infrastructure, including the data centers, rests with the cloud service provider, regardless of whether the firm uses infrastructure, platform, or software-based service offerings. Users of the service are responsible for securing the data, applications, and access control elements that they configure and manage on top of the provided infrastructure.