The licensees should consider how the outsourced activity is impacted by the variety of risks associated with the cloud adoptions, for example:

a) Vendor lock-in (cloud vendor using proprietary technology preventing migration);
b) Vendor lock-out (cloud going out of business, preventing access to data);
c) Data and application interoperability;
d) Segregation of data in SaaS environments;
e) Distributed denial of service (DDoS) prevention;
f) Impact of regulatory enforcement processes;
g) Safeguards for management of cryptographic keys;
h) Unmonitored access to administrative zones by staff and 3rd parties;
i) Remote access to administrative zones without strong authentication and accountability;
j) Single point of failures in connectivity to cloud environments.
Added: January 2020