**4.11 Lack of cloud security strategy/regulatory violations**

It is imperative to formulate a strong cloud security strategy, regulations and risk management policy should be devise before making mind to migrating to cloud provider for various services instead of simply lift and shift without any due diligence. Mostly many organizations are bound by and force to comply with certain rules, regulations and law of land of origin and these compliances should be center point for overall security policy. Sensitive health data, private student data, personal financial data, proprietary intellectual property data, research data and confidential business logics constitutes different category of data which are typically migrated to cloud for various services and mostly protections of these data are cover under respective apex authorities or commission and infringement of any kind will invite the formidable fine and penalties. Security architectures and framework must be aligns with the underlying business goals and objectives. Cloud provider being third party, upon agreeing to provide the services, also become liable for extending the appropriate security measures as weak security can lead to financial loss, reputational damage, legal repercussions, and fines.
