- Where is the data stored?
- Who has access to the data?
- What actions can those with access perform on the data?
- What access is logged and reported?
- Does a neighbor tenant has indirect access to data (e.g., by shared, non-sanitized memory)?
- Can a neighbor tenant infiltrate the database?
One of the security side effects of hosting your data in the cloud is that you cannot control who has physical or logical access to the servers on which your data is stored and processed. You have to accept that some employees of the cloud provider will have access to the servers they provide, and that gives them access to your data. This introduces a possible threats to system security that you have no control.
That doesn’t mean you avoid the cloud, but that you think about these risks before you move those critical systems into the cloud.