When I hear someone like this saying the public cloud would be more secure than a private cloud reminds me of vulnerability scanner vendors using their own severity ratings – or CVSS – to claim the sky is falling because a SQL injection, blank password, or missing path vulnerability was found, yet they have no context to fully understand what it means to the business.
Only the short-sighted are able to make blanket statements about security like “Yes, that’s secure” or “No, that’s a big problem.
There are so many variables around security (technical, procedural, political, cultural, business priority, etc.) that you cannot simply declare good security or bad security in a binary fashion. You have to look at the bigger picture. What’s the business risk in your own unique situation?
Here are a few cloud security considerations to keep on your radar.