Story image

The ‘treacherous 12’: Top threats to cloud computing revealed

20 Oct 17

The most prominent threats to cloud computing have been identified in a comprehensive report from the Cloud Security Alliance (CSA).

The ‘Treacherous 12: Top Threats to Cloud Computing + Industry Insights’ report is a refreshed update to the 2016 release that includes real-world anecdotes and examples of recent incidents that relate to each of the 12 cloud computing threat categories identified.

The top 12 critical issues to cloud security identified by experts were ranked in order of severity per survey results:

1. Data Breaches
2. Weak Identity, Credential and Access Management
3. Insecure APIs
4. System and Application Vulnerabilities
5. Account Hijacking
6. Malicious Insiders
7. Advanced Persistent Threats (APTs)
8. Data Loss
9. Insufficient Due Diligence
10. Abuse and Nefarious Use of Cloud Services
11. Denial of Service
12. Shared Technology Vulnerabilities

“It’s our hope that these updates will not only provide readers with more relevant context in which to evaluate the top threats, but that the enhanced paper will provide them with a real-world glimpse into what is currently occurring in the security industry,” says Scott Field, partner architect with Microsoft Corp. and chair of the CSA Top Threats Working Group.

The report affirms the incredible pace at which cloud computing has simultaneously transformed business and government is in fact a double-edged sword, as it has created new security challenges.

The shift from server to service-based thinking is transforming the way technology departments think about, design, and deliver computing technology and applications. Yet these advances have created new security vulnerabilities as well as amplify existing vulnerabilities, including security issues whose full impact are finally being understood.

The CSA says among the most significant security risks associated with cloud computing is the tendency to bypass information technology (IT) departments and information officers.

Although shifting to cloud technologies exclusively may provide cost and efficiency gains, doing so requires that business-level security policies, processes, and best practices are taken into account.

In the absence of these standards, businesses are vulnerable to security breaches that can erase any gains made by the switch to cloud technology.

The CSA says this report is tailored for businesses both in the process of cloud adoption and already cloud-native as it provides up-to-date, expert-informed understanding of cloud security concerns in order to make educated risk-management decisions regarding cloud adoption strategies.

The report reflects the current consensus among security experts in CSA community about the most significant security issues in the cloud.

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.
Google Cloud, Palo Alto Networks extend partnership
Google Cloud and Palo Alto Networks have extended their partnership to include more security features and customer support for all major public clouds.