Encrypting all data stored on local devices

Monitoring and enforcing security policies for cloud applications

Managing physical security of data centres

Providing internet connectivity to cloud services

Selecting a cloud service provider

Identifying and assessing cloud applications in use

Installing antivirus software

Upgrading network hardware

Allowing all incoming traffic by default

Using a default password for firewall management

Applying the principle of least privilege

Disabling logging features

PCI DSS

ISO/IEC 27001

Australian Privacy Principles (APPs)

GDPR

To increase storage capacity

To identify and respond to security incidents

To reduce internet speed

To manage billing and subscriptions

Disabling all user accounts

Encrypting sensitive data before transmission

Allowing unrestricted file sharing

Ignoring audit logs

Physical access to server rooms

User authentication and authorisation to resources

Internet bandwidth allocation

Hardware maintenance schedules