On September 5, 2024, the Privacy Protection Authority (PPA) published a paper on the challenges of moving databases and database systems to the cloud.

The PPA highlighted challenges and proposed certain recommendations when transitioning to the cloud, including: 

• incorrect definitions that may lead to organizational information being exposed to unauthorized parties;
• application programming interface (API) that is not properly secured may allow data and information to be retrieved by unauthorized parties. In order to secure the API interfaces, up-to-date control and documentation mechanisms must be integrated into the migration processes and the ongoing work in the cloud infrastructure;
• incompatibility with architecture may lead to incorrect data transfer; 
• if there is sensitive information in the organization's systems, the organization should consider storing this sensitive information in the local environment and using a public cloud platform;
• transition to the cloud may lead to data loss, therefore, it is important to back up all data stored in the organization's systems, especially files intended to be moved to the cloud; and
• data transition to the cloud can lead to many security risks, such as internal threats, accidental errors, external attacks, malware, misconfiguration in the network, incorrectly granting access permissions, problems on the side of the cloud provider, contractual violations, compatibility violations, and more. It is important to mention that the information security obligations stipulated in the Privacy Protection (Information Security) Regulations apply to organizations, in accordance with the level of security applicable to organizations' databases, even when moving to the cloud. 

You can read the press release here and the paper here, both only available in Hebrew.