I think the author overstates the difference between cloud and on-prem. for example:<p>> For example, open S3 buckets were never an issue in the datacenter world.<p>they totally were, and they were called "open ftp servers". A lot of information was leaked this way.<p>Things are slightly different in cloud world - you need to watch bucket policies instead of ftp server and firewall configs - but this is not a substantial change. The core process of security team stays the same.