Some businesses have accepted the notion that workloads in the cloud are fundamentally safer than those on-site. The notion that security is assumed by the cloud service provider (CSP) strengthens this assumption. While a secure cloud workload is theoretically feasible, one should not automatically assume that it is because there are crucial actions that must be taken to guarantee its security.
A company’s cyber risk is neither reduced by moving to the cloud, nor is it transferred to the CSP. It demands a shared security approach instead, where roles and responsibilities are made explicit. While managing the risk of exploitation by knowledgeable cyber threat actors is one of the areas of cloud security that the shared security model does not make simpler, it is not one of them.