An organization is transitioning to an Infrastructure as a Service $($IaaS$)$ model with a third$-$party vendor. What should the organization's security officer do to ensure the security of deployed applications and data?

A$.$Implement user identity management and access controls to cloud resources

B$.$Rely entirely on the vendor's encryption and access control mechanisms

C$.$Assume that physical security of the data is the user's responsibility

D$.$Focus solely on securing the foundational elements of networking