Outsourcing computing and storage to the cloud does not eliminate the need for handling of information security incidents. It is not possible to create a computer system that is 100% secure, which implies that if there is someone who sees the value of breaking into your systems, they will eventually succeed – and you must therefore assume that information security incidents will take place in your system.
The handling of incidents in the cloud is difficult because of long provider chains; more than one provider may be involved in in the production of a service, and there is often a large distance (physical and logical) to the provider, and it is consequently difficult to involve the provider when something happens. This also means that you do not necessarily have access to forensics; cloud solutions are often based on multi-tenancy, which means that data from multiple clients could potentially exist on a given infrastructure, and it will not be acceptable to disclose (e.g.) a raw dump from a hard drive in this case. There are also unclear legal restrictions on data originating from one jurisdiction (e.g., Norway) but stored in another (e.g., USA).
With many providers involved in a given service offering, inter-provider collaboration in handling of incidents in the cloud can be a major challenge, but this is a prerequisite for ensuring the accountability of the cloud service providers.

Suggested topics include (but are not limited to):
• Incident detection in the Cloud
• Incident handling in the Cloud
• Communication of incidents along cloud provider chains
• Cloud Forensics
• Logging for cloud incident investigations
• Incident handling for IoT/Cloud convergence

See web link for more info.