Everyone is at least thinking about cloud computing and security to some degree. Few people get or know what to look for, and fewer yet on how to do it. A multi-part article has been posted by Stratum//Security about building and using ThreatSim in the AWS cloud for several years. Part 1 is largely marketing fluff and context (though the security controls bullet list is very good to steal!), but the latter two parts start going down a bullet point list of things to keep in mind for cloud security.

This is certainly not all-inclusive, but every little bit to add to the body of cloud security knowledge, the better. Cloud security includes pretty much everything for more traditional security, but also almost doubled in order to cover things abstracted out to a whole new layer in the cloud platform tooling.