Cloud technology has exploded in popularity, partly as a solution to the continuously increasing demands on computing power posed by new technologies such as artificial intelligence. Furthermore, the amount of reported cloud-related security incidents is increasing steadily year by year. Thus, if cloud computing is to be used within security critical systems, building knowledge about cloud security is a top priority. This report aims to evaluate incidents and security mitigations related to cloud security. Five popular security frameworks are examined in order to identify overlapping mitigations and security controls. These identified categories are then used to analyze 157 reported cloud incidents from the last 10 years. Furthermore, the consequences of these incidents are also examined. Lastly, security controls which help prevent many of the most common causes of identified incidents are presented. The results of this evaluation points to a large amount of simpler misconfigurations, mostly within the areas identity and access management, infrastructure, as well as data protection. A recurring cause of incidents is publicly accessible resources that lack sufficient access control or fail to encrypt sensitive information. The security frameworks examined are comprehensive and complex, but contain a large overlap with regards to several recurring controls shared between the frameworks. These overlapping mitigations are presented and discussed in the report. The results further point to cloud systems tend to quickly become complex, which many organisations struggle to manage securely. Use of provider-specific security solutions can aid in managing this complexity substantially, but may require specialized competence.