Reporting data breaches is not part of Auditing and not a function of Auditors.

In ISO 27018, it is the customer who has explicit right over how CSPs will use their information

The four layers of Logical Model for cloud computing according to Cloud Security Alliance are:
1. Infrastructure: The core components of a computing system: compute, network, and storage. The foundation that everything else is built on. The moving parts.
2. Metastructure: The protocols and mechanisms that provide the interface between the infrastructure layer and the other layers. The glue that ties the technologies and enables management and configuration.
3. Infostructure: The data and information. Content in a database, file storage, etc.
4. Applistructure: The applications deployed in the cloud and the underlying application services used to build them. For example, Platform as a Service features like message queues, artificial intelligence analysis, or notification services.

Information Bleed With multiple customers processing and storing data over the same infrastructure, there is the possibility that data belonging to one customer will be read or received by another.
Moreover, even if this does not happen with raw data, it might be possible for one customer to detect telltale information about another customer's activity, such as when the customer is processing data, how long the procedure takes, and so on.

Environmental Risk are not defined as a category in the ENISA document however. all the other three are defined as categories.