Being unable to access and retrieve their data from the cloud.
To not check where their data is hosted.
Not planning for mobile device security in user access.
Not planning for the future in terms of programming language and hosting provider.
Making assumptions of information security responsibility.
Making the assumption that a cloud provider could never lose data.
Assuming that the cloud has a 100% uptime and fully redundant.
Not having a plan for implementation.
Not having a good disaster recovery (DR) solution for the applications running in the cloud.
Just not having a fundamental understanding of what the cloud is and how it should be maintained in order to provide optimal performance for their business.
Not spending enough on it. When the cost of a software employee is $6k+ a month and cloud infrastructure costs a small fraction of that, it generally makes sense to solve performance issues with the cheap cloud, not expensive engineers.
Attempting to apply the demands of yesterdays applications to the concept of cloud computing.
The project team begins and ends with IT, with little interaction or input from the business users that consume and pay for the IT services they deliver.
It is far from absolutely secure from intrusion by malicious hacking attacks.
Common expectation is that migration for on-premises equipment to a cloud setup will be similar to switching data centers.
Failing to address data breaches.
To assume no one pays attention to the infrastructure they use and therefore they open ports to everyone (0.0.0.0/0) making their entire infrastructure open for hackers. We see it quite a lot with companies that are new to the cloud.
Conducting a poor audits prior to the migration of their existing on-premises infrastructure.
Failing to have a business contingency plan ready should you find it necessary to leave the cloud altogether, to move to a different cloud, in the event you’re surprised by your cloud service provider exiting stage left leaving you without a cloud as some have experienced.
Relying too much on the cloud service provider’s built-in monitoring system.