Commoditization, automation and accessibility of sophisticated tools have allowed attackers to dramatically raise their game by bringing evasive threats to the forefront. Subsequently, several high-profile breaches involving public cloud environments have occurred. The shared responsibility model of cloud security clearly outlines the respective responsibilities of cloud service providers and their customers, and it is important to note that none of the breaches were caused by negligence on the part of the cloud service providers. This report highlights key learnings from these incidents along with research by Unit 42’s cloud research team to shed light on current and emerging trends. Moreover, it offers tips and best practices to help organizations ensure business-critical data across their public cloud environments – Google Cloud, AWS, and Azure – is secure.