4.2 Explain the importance of managing and mitigating vendor risk.

Shared responsibility model (roles/responsibilities)

 Cloud service provider (CSP)

  Geographic location
  Infrastructure
  Compute
  Storage
  Networking
  Services

 Client

  Encryption
  Operating systems
  Applications
  Data

Vendor lock-in and vendor lockout

Vendor viability

 Financial risk

 Merger or acquisition risk

Meeting client requirements

 Change management

 Staff turnover

 Device and technical configurations

Support availability

Geographical considerations

Supply chain visibility

Incident reporting requirements

Source code escrows

Ongoing vendor assessment tools

Third-party dependencies

 Code

 Hardware

 Modules

Technical considerations

 Technical testing

 Network segmentation

 Transmission control

 Shared credentials