getting there
Cloud Audit is a step in the right direction, though the real cost of monitoring is the back-end people to investigate.
They need to incorporate GPG13 and full protective monitoring, but security needs to include the full ISO27001 scope and the cloud architecture needs to support this.
@infosecchap