As more and more organizations consider moving their applications and data from dedicated hosting infrastructure, which they own and operate, to shared infrastructure leased from `the cloud’, security remains a key sticking point. Tenants of cloud hosting providers have substantially less control over the construction, operation, and auditing of infrastructure they lease than infrastructure they own. Because cloud-hosted infrastructure is shared, attackers can exploit the proximity that comes from becoming a tenant of the same cloud hosting provider. As a result, some have argued that that cloud-hosted infrastructure is inherently less secure than the self-hosted infrastructure, and that it will never be appropriate for high-stakes applications such as health care or financial transaction processing.
We strive to present a more balanced treatment of the potential security impacts of transitioning to cloud-hosted infrastructure, surveying both the security costs and security benefits of doing so. The costs include exposure to new threats, some of which are technological, but many others of which are contractual, jurisdictional, and organizational. We also survey potential countermeasures to address these threats, which are also as likely to be contractual or procedural as technological. Transitioning to a cloud-hosted infrastructure may also have security benefits; some security measures have high up-front costs, may become affordable when amortized at cloud scale, and impact threats common to both cloud- and self-hosted infrastructures.