Content stored within a SaaS/PaaS/IaaS location can be:

The correct answer is B . In Zero Trust architecture, content stored in Software as a Service (SaaS), Platform as a Service (PaaS), or Infrastructure as a Service (IaaS) environments should not be assumed safe simply because it resides in a cloud platform. Zscaler’s security model emphasizes that trust must be established through inspection and policy , not by location alone. The TLS/SSL inspection architecture shows that inline inspection is necessary to evaluate content moving through encrypted sessions, while Zscaler’s broader data protection model also includes out-of-band assessment for content already stored in cloud services.

This aligns with the Zero Trust principle that applications and content can exist anywhere, but they are not automatically trustworthy because of where they are hosted. Cloud providers secure the platform, but they do not guarantee that every uploaded file, shared object, or stored dataset is safe, compliant, or free from malware or data exposure risk. At the same time, saying content should never be trusted is too absolute; Zero Trust is about verification , not blanket denial. Therefore, the most accurate answer is that cloud-stored content should be treated as risky until inspected , whether inline during transfer or out of band while at rest.