When you address security in the cloud for your enterprise use, you need to think of it in several layers:
Layer 0 is the primary IaaS cloud on which everything else runs; typically, Amazon Web Services, Microsoft Azure, Google Cloud Platform, IBM Cloud, or Alibaba.
Layer 1 is the SaaS provider for your applications and servers. The SaaS offerings typically run on (someone else’s) Layer 0 provider, or come from a Layer 0 provider that also offers SaaS. Your own cloud-delivered apps are in this layer as well.
Layer 2 is the specific application and its user.