In a Software as a Service (SaaS) environment, the cloud service provider (CSP) is responsible for securing the platform. Managing Cloud principles explain that SaaS places the majority of security responsibilities on the provider, including infrastructure, operating systems, middleware, and application security.

Customers primarily manage user access, data usage, and configuration settings, while the provider ensures availability, patching, vulnerability management, and platform protection. This division of responsibility simplifies security management for consumers.

The other options misrepresent shared responsibility boundaries. In IaaS, customers secure the platform, and in PaaS, providers manage infrastructure. Therefore, option D accurately characterizes application movement to the cloud.