In the IaaS shared responsibility model, Google is responsible for the security 'of' the cloud (infrastructure, hardware, physical security), while customers are responsible for security 'in' the cloud. According to Google's official documentation and the community consensus (100% agreement on BD with multiple upvoted comments referencing official sources), customers share responsibility for Network Security (B) - configuring firewalls, VPCs, network controls - and Access Policies (D) - IAM roles, permissions, identity management. Hardware (A) is Google's responsibility entirely. Storage Encryption (C) is partially shared but primarily Google's responsibility for infrastructure encryption. Boot (E) security is Google's responsibility for the underlying infrastructure.