The top cloud security threats are data theft, data loss, account hacking, interface and Application Programming Interface (API) breaches, DDos attacks, insider attacks, hacker infiltration, and provider-initiated downtime. Protect your cloud infrastructure with https://www.observeid.com/

Identify the person responsible for information security in the company

Ensuring the security of the infrastructure in the cloud requires the involvement of the IT and IS departments - without this it is impossible to organize constant monitoring, updating of tools, rapid response to incidents, as well as qualitative and prompt interaction with the cloud provider employees for joint mitigation of arising incidents.

The IT and IS departments of a company must appoint responsible specialists with an expanded supervisory role. They will interact with providers and make decisions on the customer side.

Often, IT and IS managers are assigned to this role. They have sufficient skills to manage the core internal divisions of the company and competencies to coordinate actions with the cloud provider.

1. Record the competencies of the parties

46% of cybersecurity incidents in the last year are caused by lack of knowledge or non-compliance with basic tenets of information security by company employees. Working with cloud providers helps reduce this percentage, as part of the responsibility for ensuring the information security of the system is transferred to the provider.

Obligations to ensure information security measures are fixed in the service contract. It describes:

mechanisms and channels of contact between the two parties; 
Areas of responsibility of the parties; 
Service level agreement.

The terms of service level agreement (SLA) should be drafted taking into account the competence of the parties - if the customer has no experience in performing certain tasks, it's better to delegate them to the provider.

With this approach, the risks of unavailability of services or other unsatisfied services will be compensated according to the terms of the contract. When placing the infrastructure entirely within the company itself, all financial risks associated with the unavailability of services remain within the company.

1. provide multilevel protection of infrastructure

Infrastructure protection should be provided at all levels: from physical, network to logical level of application functioning and its resistance to possible attacks.

Security in the deployment and operation of equipment. The Tier system is used to assess data center resilience. Tier requirements cover the areas of construction, power, cooling, security controls, redundancy, maintainability and commissioning.

A limited number of people must be able to enter the data center (datacenter). 
Physical data center equipment must be protected by fences, security posts, video surveillance systems, and security checkpoints. 
The availability of the data center should be maintained by a constant power supply, have several independent points of connection to providers providing channels of communication with the outside world.

Translated with www.DeepL.com/Translator (free version)

var myObj, i, j, x = "";
myObj = {
  "name":"John",
  "age":30,
  "cars": [
    {"name":"Ford", "models":["Fiesta", "Focus", "Mustang"]},
    {"name":"BMW", "models":["320", "X3", "X5"]},
    {"name":"Fiat", "models":["500", "Panda"] }
  ]
}
for (i in myObj.cars) {
  x += "<h2>" + myObj.cars[i].name + "</h2>";
  for (j in myObj.cars[i].models) {
    x += myObj.cars[i].models[j] + "<br>";
  }
}
document.getElementById("demo").innerHTML = x;