• Lack of physical control of framework, as happens when the environment is outsourced to an third-party CSP, renders an intensive risk-management process.
• In customary situations, the physical area of sensitive data can be confined to dedicated systems, encouraging the distinguishing proof and execution of successful risk-mitigation controls.
• Traditional security approaches that construct security controls "around"