Cloud infrastructures such as AWS, Google and Azure are highly secure and comply with the strictest standards in infrastructure and software development practices, such as ISO 20001, PCI-DSS Level1 and HIPAA.
So, what does that mean to an organization building and deploying their own software in the cloud? Not much. You are ensured that their infrastructure is secure not your software. This is what is called the shared responsibility model.
Every organization is responsible for building secure applications and deploying them in a secured manner to these cloud providers. You could easily build and deploy unsecured systems to these secured environments.
It’s worthwhile to review your software development and deployment practices internaly because you cannot rely on the cloud infrastructure to secure your own software.
Bottom line – you must build secure software and make sure it is deployed using cloud provider’s best security practices.AWS Shared Security Model