Another new State of Security blog by me is up now: https://www.tripwire.com/state-of-security/security-compliance-cloud

The good news is that, along with increased stability, the standards that help us secure our systems are always improving. From PCI to CIS controls, and through various other standards, security hardening is a well-documented field, and ensuring that you are compliant against a hardening policy is a sensible first step when configuring both your traditional on-premise and cloud hosted solutions. 

It still amazes me how many don't "secure by default" with images based around a set of common-sense security hardening settings in place from the get go - I was building hardened Windows images a decade ago and still would take those settings with me to new server images today!