As more and more companies are moving to the cloud, they can potentially invite vulnerabilities and affect security and privacy. Depending on the type of cloud model, be it – public, private, community, or hybrid, every organization is required to ensure secure controls are in place to mitigate and address the risks effectively. Organizations must consider extending their current risk management practices to the cloud environments.