In this chapter, we’ll provide an overview of both risk management techniques and security standards. Risk management will give you a context in which to understand the threat landscape that a cloud environment faces. Later chapters will build on the ideas we present here so that with every aspect of a cloud environment—the network, the hardware, the user controls—you’ll be able to understand whether a cloud provider’s standard setup meets your business needs or if you need to add additional security controls to its offering. After that, we’ll talk about security standards that your provider can certify to in order to prove its cloud environment secure. We’ll cover the major ones—SOC and ISO—in depth while touching on some minor standards. Finally, we’ll discuss some of the regulations that may apply to your data in a cloud environment.