How to Think Ahead of the Attacker: Taking Control of Security in the Cloud