Risk is not unique to the cloud. The “how” (aka the technology) changes, but not the mission. True professionals know the argument is not about technology or how security is delivered, but rather one of governance and policy enforcement.
\nDo a Google search on \u201ccloud security\u201d and the first entry is \u201cHow secure is the cloud?\u201d True professionals know the argument is not about technology or how security is delivered, but rather one of governance. You need to know exactly who HAS access to what resources and if these levels of access are appropriate. You need to know who IS accessing resources, and if they don\u2019t have the proper credentials, you need to be notified immediately to take further preventive action. You need know that protocols for compliance are in place and routinely and successfully generate the reporting for periodic audits. You need to know your rights, liabilities (SLA) for any application or service acquired and that they conform to your risk management practices.<\/p>\n