The primary risk associated with migrating workloads from an exclusively on-premises IT infrastructure to the cloud without being able to implement all the required controls is loss of governance. This risk involves the diminished ability to manage and control IT resources, data, and security, which can subsequently lead to compliance issues and other security vulnerabilities.

A. Loss of governance Loss of governance: When a business migrates its workloads to the cloud, it often loses some degree of control over its IT infrastructure. This can result in a loss of visibility into the infrastructure, difficulties in enforcing security policies, and challenges in ensuring that the cloud service provider is meeting the necessary security and compliance requirements. This loss of governance is a significant risk because it affects the organization's ability to manage and secure its data and applications effectively. Compliance risk: While compliance risk is certainly a concern when migrating to the cloud, it is often a result of the broader issue of loss of governance. Without proper governance, it is challenging to ensure compliance with various regulations and standards.

C IS THE BEST CHOICE

Loss of governance because it only covers "this implementation". There's no indication of any compliance risk as no industry has been mentioned.

The question specifically points out that technical controls cannot be migrated, but does not broach governance policy at all. Fair to assume governance is not the issue here.

which is right answer A or C? So confused

In the absence of specific information about compliance requirements, the risk of Loss of Governance stands out as a potential consequence of migrating to the cloud without implementing all the necessary controls, impacting the ability to effectively manage and govern the IT infrastructure in the new cloud environment.

Lost of Governance best describes this specific situation. Compliance Risk would likely be more specific to not being able to meet some legal or other standard such as PCI DSS. https://cloudtweaks.com/2015/03/top-web-security-risks/ https://blogs.vmware.com/cloudhealth/loss-of-governance-in-cloud-computing/#:~:text=The%20loss%20of%20governance%20in%20cloud%20computing%20occurs%20when%20businesses,suitable%20governance%20policy%20in%20place.

C. Compliance risk: Migrating to the cloud often involves storing, processing, and transmitting data that may be subject to various compliance requirements, such as data privacy regulations, industry standards, and contractual obligations. If the required controls cannot be implemented in the cloud environment, it could result in non-compliance with these regulations and standards, leading to potential legal and financial consequences. In the context of the question, the risk of non-compliance is the primary concern because failing to meet regulatory and compliance requirements can have serious repercussions for a business when it comes to data security, privacy, and legal obligations.

A. Loss of governance: This is the most appropriate answer as it reflects the risk of not having full control or oversight over all aspects of the data, applications, and services when migrating to the cloud.

LOSS OF GOVERNANCE As a cloud consumer you need to be sufficiently in control of your IT systems. If the cloud service agreement does not give you the proper tools, you have a problem. Example: you should be able to make a backup of your important data and get it out of the cloud provider system

The loss of governance in cloud computing occurs when businesses migrate workloads from an exclusively on-premises IT infrastructure to the cloud without a suitable governance policy in place.

Going with A here, the question does not mention or state that the business is following any sort of compliance. Therefore, it defaults to loss of governance. With on-prem, you have 100% control of your systems. With cloud, you simply do not. If the question stated they are inherence of PCI or GDPR, then it would be C.

"As a cloud consumer you need to be sufficiently in control of your IT systems. If the cloud service agreement does not give you the proper tools, you have a problem." Loss of governance occurs when you cannot implement all required controls. Compliance risk may be a result, but the primary risk is loss of governance. https://cloudtweaks.com/2015/03/top-web-security-risks/

Loss of governance = loss of control Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)

The loss of governance in cloud computing occurs when businesses migrate workloads from an exclusively on-premises IT infrastructure to the cloud without a suitable governance policy in place. Forrester claims two-thirds of businesses have experienced loss of governance in cloud computing, but it could be a lot more. When a business operates in an exclusively on-premises IT infrastructure, the four key elements of governance—performance management, risk management, value delivery, and strategic alignment—are controlled within a ring-fenced environment. In the cloud, the boundaries of the ring-fenced environment are removed, and consequently many of the controls used to govern the on-premises IT infrastructure are ineffective for enforcing the same policies in the cloud. https://blogs.vmware.com/cloudhealth/loss-of-governance-in-cloud-computing/#:~:text=The%20loss%20of%20governance%20in%20cloud%20computing%20occurs%20when%20businesses,suitable%20governance%20policy%20in%20place.

The risk associated with migrating workloads from an exclusively on-premises IT infrastructure to the cloud but not implementing all the required controls is primarily a compliance risk. By not implementing all the necessary controls, the business may fail to meet the compliance requirements applicable to its industry or region. This could lead to penalties, fines, or other negative consequences.