[dmitriid]

That's more or less the same question as "what if the data center/servers operated by the bank gets compromised".

In reality it's always about tradeoffs: who to delegate to and who to trust.

[starfallg]

>That's more or less the same question as "what if the data center/servers operated by the bank gets compromised".

The difference is that cloud relies on public services, which once compromised (e.g. via social engineering), allow for lateral attacks resulting in much bigger impact (e.g. Lapsus$) across the complete customer base. This makes social engineering much more attractive in cost vs impact. The resulting monoculture in not only the software, but the infrastructure and configuation also increase the impact on technical attacks on specific exploits.

[dmitriid]

> The difference is that cloud relies on public services

What are the public services that AWS relies on, and how are they different from a bank's server farm, or a bank renting out space in a datacenter?

The same, really, applies to all other concerns.

[starfallg]

Route 53, CloudFront, AWS Console, AWS IAM, etc.

All of these services are hosted by AWS in a multi-tenant fashion, sharing not only the code, but infrastructure and configuration patterns.