- Deployment: Common security technologies may not be allowed to be deployed and could violate your service contract or the might not be accommodated by the infrastructure.
- Visibility: Make sure you have assessment and auditing options to verify that your provider is meeting your expectations and can not gain credentials to your database. Tools that one uses today should be checked to make sure they will continue to function in the cloud.
- Co-Mingling Data: Flaws and failures can expose data in the multitenant environments so if you have sensitive data then cloud might not be right for you. For a solution, look at the application-layer encryption, removal of sensitive information, or for a provider that can guarantee data segregation.
- Service: Vendors might look like they are providing security though the agreement and still not be. Service aspects that are unclear should be questioned, find a way to check on your vendor claims and make sure they will subject to auditing.
Databases kept in the cloud and virtual environments have their benefits but are you aware of the pitfalls?