High level security concerns for Cloud computing may include: o Work on the tools and controls to put in place first, then take the time to establish your overall security strategy. o Finding ways to overcome the lack of security visibility in the Cloud, especially considering the sheer number of layers, tools and controls. o Effectively managing identity and defining access management, including the privileges and responsibilities of various network admins and users. o Consider the confidentiality aspects regarding your requirements for data encryption in transit and at rest balancing cost and risk. o Requiring the appropriate level of availability should be balanced regarding cost, risk and recovery these may be impacted by physical location and physical access.
o Integration strategy regarding APIs that should include a requirement to implement string encryption, activity monitoring, and access control. o Implementing a cloud-based enterprise will help guarantee regulatory compliance since the "shared responsibility model" makes much easier to meet CCPA, PCI-DSS and GDPR privacy mandates. o Strong cloud security policies can be integrated into the IT processes that teams use to build applications and deploy in the cloud infrastructure.