The cloud is just someone else's computer, software that you are paying to use. The major public service cloud providers have some good security tools to help make sure there isn't something incorrectly configured from day one or at some point down the road. These tools are just the tip of the iceberg, in my opinion, checking and rechecking needs to be done constantly and consistently. There are many great resources out there, some paid and some not paid to make sure we are doing what's needed to protect systems and data hosted in the cloud. Step-by-step checklists to secure various platforms, we simply need to take the time to PLAN, DO, ACT, Check.. and repeat! https://www.cisecurity.org/resources/?type=benchmark https://d0.awsstatic.com/whitepapers/compliance/NIST_Cybersecurity_Framework_CSF.pdf Interested in hearing your thoughts..