The document summarizes the security implications of cloud computing. It notes that web application attacks are now the number one source of data breaches, but less than 5% of security budgets are spent on application security. It discusses how risks are moving up the application stack as vulnerabilities can be introduced through code changes and dependencies. Defending web applications and workloads in the cloud is complex due to a wide range of attacks at every layer of the stack and a shortage of security expertise. It then provides an example of a data exfiltration attack against a retail company where an attacker exploited known PHP flaws to access critical systems and steal data over 4 months without detection.