An organization is preparing to migrate its production environment systems from an on-premises environment to a cloud service.
The lead security architect is concerned that the organization's current methods for addressing risk may not be possible in the cloud environment.
Which of the following BEST describes the reason why traditional methods of addressing risk may not be possible in the cloud?
Click on the arrows to vote for the correct answer
A. B. C. D.C.
https://arxiv.org/ftp/arxiv/papers/1303/1303.4814.pdfThe BEST answer to the question is C. Specific risks cannot be transferred to the cloud provider.
When an organization moves its production environment systems from an on-premises environment to a cloud service, there are some changes that must be considered. One of these changes is how risk is addressed. While traditional methods of addressing risk might work in an on-premises environment, they might not work in the cloud environment.
Cloud service providers typically offer shared security responsibility models, which means that some security responsibilities are shared between the cloud provider and the organization. The cloud provider is responsible for securing the underlying infrastructure of the cloud environment, while the organization is responsible for securing its own applications, data, and identities in the cloud.
However, there are specific risks that cannot be transferred to the cloud provider, such as risks related to the organization's own data, applications, and identities. The organization is responsible for ensuring that its data is secure, and for implementing appropriate security controls to protect its data.
Therefore, it is essential that the organization assesses its risks in the context of the cloud environment and takes necessary steps to mitigate those risks. This may include implementing new security controls, developing new policies and procedures, and training staff on how to operate in the new cloud environment.
In summary, traditional methods of addressing risk may not be possible in the cloud environment because there are specific risks that cannot be transferred to the cloud provider. Therefore, the organization must assess its risks and implement appropriate security controls to mitigate those risks in the cloud environment.