The most prominent threats to cloud computing have been identified in a comprehensive report from the Cloud Security Alliance (CSA).
The ‘Treacherous 12: Top Threats to Cloud Computing + Industry Insights' report is a refreshed update to the 2016 release that includes real-world anecdotes and examples of recent incidents that relate to each of the 12 cloud computing threat categories identified.
The top 12 critical issues to cloud security identified by experts were ranked in order of severity per survey results:
1. Data Breaches 2. Weak Identity, Credential and Access Management 3. Insecure APIs 4. System and Application Vulnerabilities 5. Account Hijacking 6. Malicious Insiders 7. Advanced Persistent Threats (APTs) 8. Data Loss 9. Insufficient Due Diligence 10. Abuse and Nefarious Use of Cloud Services 11. Denial of Service 12. Shared Technology Vulnerabilities
“It's our hope that these updates will not only provide readers with more relevant context in which to evaluate the top threats, but that the enhanced paper will provide them with a real-world glimpse into what is currently occurring in the security industry,” says Scott Field, partner architect with Microsoft Corp. and chair of the CSA Top Threats Working Group.
The report affirms the incredible pace at which cloud computing has simultaneously transformed business and government is in fact a double-edged sword, as it has created new security challenges.
The shift from server to service-based thinking is transforming the way technology departments think about, design, and deliver computing technology and applications. Yet these advances have created new security vulnerabilities as well as amplify existing vulnerabilities, including security issues whose full impact are finally being understood.
The CSA says among the most significant security risks associated with cloud computing is the tendency to bypass information technology (IT) departments and information officers.
Although shifting to cloud technologies exclusively may provide cost and efficiency gains, doing so requires that business-level security policies, processes, and best practices are taken into account.
In the absence of these standards, businesses are vulnerable to security breaches that can erase any gains made by the switch to cloud technology.
The CSA says this report is tailored for businesses both in the process of cloud adoption and already cloud-native as it provides up-to-date, expert-informed understanding of cloud security concerns in order to make educated risk-management decisions regarding cloud adoption strategies.
The report reflects the current consensus among security experts in CSA community about the most significant security issues in the cloud.