In the typical IaaS, the consumer must provide security for the Guest operating system, middleware, and applications or software as a service layers. The provider provides security for the host operating system and any management control services and applications provided. The consumer is responsible for obtaining services and service level agreements that meet their requirements. The consumer/user may want to obtain a copy of the providers security control reports and other information. Important issues include authentication, access controls, data management and recovery, ownership of data, data santization, continuous monitoring, incident reporting, and other issues.