Cloud adoption has been steadily on the rise among organizations of all sizes. However, one of the challenges organizations face, especially those that are just moving to the cloud, is a lack of familiarity with how the cloud is operated and how it is different from a purely on-premise system. 

Cloud setups typically involve not just a single implementation; instead, they combine different services from different cloud providers, often in conjunction with physical data centers.

This challenge extends to security — there are risks in inadequately securing cloud deployments and being unfamiliar with configuration specifics of cloud services. Many factors can lead to exposure of workloads and applications to attacks, including misconfigurations, improper use of technology, inexperience in operating and securing cloud systems, or even mere oversight on the part of developers or cloud engineers. 

The components of cloud systems are interconnected in many ways, making potential attack vectors difficult to map. For IT security personnel who are only starting to get a grip on cloud platforms and services, security presents a daunting endeavor.

In this paper, Trend Micro Research provides examples of threats and risks organizations could face when migrating to the cloud or using cloud services. No matter the cloud service or platform, the common theme is that misconfiguration continues to be one of the major pitfalls of cloud security, affecting both companies who subscribe to cloud services and users of software that are hosted on the cloud.