A large retail company is implementing a new cloud-based inventory management system. The system will store sensitive customer data and integrate with existing on-premises ERP. The risk manager is asked to identify the most critical risk to address in the shared responsibility model. Which risk is MOST likely to be overlooked?
Trap 1: Vendor lock-in
Vendor lock-in is a strategic risk but is not the most overlooked in the shared responsibility model.
Trap 2: Multi-tenancy isolation
Multi-tenancy isolation is typically managed by the cloud provider, so it is less likely to be overlooked by the customer.
Trap 3: Data sovereignty compliance
While important, data sovereignty is often addressed in cloud contracts, whereas access control misconfigurations are frequently neglected.
- A
Vendor lock-in
Why wrong: Vendor lock-in is a strategic risk but is not the most overlooked in the shared responsibility model.
- B
Multi-tenancy isolation
Why wrong: Multi-tenancy isolation is typically managed by the cloud provider, so it is less likely to be overlooked by the customer.
- C
Misconfiguration of access controls
Access control misconfiguration is a leading cause of cloud data breaches and is often underestimated in the shared responsibility model.
- D
Data sovereignty compliance
Why wrong: While important, data sovereignty is often addressed in cloud contracts, whereas access control misconfigurations are frequently neglected.