The caveats to cloud security The caveats to cloud security Is cloud risk management a done job once a business has migrated into the cloud? Aside from cost and the ability to upscale, one of the most compelling cases for a business to move to the cloud is security. Cloud service providers (CSPs) have the scale and resources necessary for the implementation of robust cyber-security systems, quick threat detection and effective incident response, so the argument goes. A recent security breach of Microsoft Exchange Servers demonstrates rather convincingly the enormous threats potentially lurking behind on-premises software. The perpetrators, most likely hacker group Hafnium, supposedly financed by the Chinese state, first gained access to the servers either via stolen passwords or – taking advantage of vulnerabilities – disguising themselves as someone who has access.