An enterprise is migrating its on-premises inventory-management workload to an IaaS environment hosted by a public cloud provider. The security manager asks whether the team can rely on the organization's existing on-premises security assessments without change. Which of the following statements BEST addresses this concern?
Existing assessments remain valid because the cloud provider assumes responsibility for securing the underlying infrastructure.
Security assessments can be postponed until after migration is complete to avoid delaying the project schedule.
Risk assessments must be updated to reflect the new environment and threat landscape introduced by the cloud provider.
Only physical security controls require reevaluation; logical controls remain unaffected by the migration.
Moving an on-premises workload into the cloud changes the environment of operation, ownership boundaries, network exposure, and management interfaces. Frameworks such as NIST SP 800-53 require organizations to update their risk assessment whenever the system or its operating environment undergoes significant change. Reusing the prior assessment, limiting the review to physical controls, or postponing the analysis risks overlooking cloud-specific threats and control gaps, whereas performing a new risk assessment ensures that security measures remain effective in the new context.