The cloud seems to be taking (an unfair?) amount of blame for the most recent, highly visible, attacks on corporations like Sony and most recently, Anthem. There may be a temptation to conclude that a common denominator is cloud computing, therefore, the cloud must be insecure.
"Wrong" says David Linthicum for InfoWorld. "The degree of security -- whether within cloud-based or on-premises systems -- is determined by two factors. One is the planning and technology that goes into engineering the security solution. The other is the organization's ability to operate systems in proactive and secure ways." In reality, the same risks that exist in an on premise environment - such as vulnerabilities hackers can easily find and exploit, including outdated or non-existent IAM strategies, and the organization's ability to stand behind, adhere to, and continuously improve these processes and initiatives, exist in the cloud as well. "The Cloud" cannot fix what is broken strategically within an organization, and risk and vulnerability can exist in the cloud as easily as on a local server.