
The ‘treacherous 12’: Top threats to cloud computing revealed

20 Oct 2017

The most prominent threats to cloud computing have been identified in a comprehensive report from the Cloud Security Alliance (CSA).

The ‘Treacherous 12: Top Threats to Cloud Computing + Industry Insights’ report is a refreshed update to the 2016 release that includes real-world anecdotes and examples of recent incidents that relate to each of the 12 cloud computing threat categories identified.

The top 12 critical issues to cloud security identified by experts were ranked in order of severity per survey results:

1. Data Breaches
2. Weak Identity, Credential and Access Management
3. Insecure APIs
4. System and Application Vulnerabilities
5. Account Hijacking
6. Malicious Insiders
7. Advanced Persistent Threats (APTs)
8. Data Loss
9. Insufficient Due Diligence
10. Abuse and Nefarious Use of Cloud Services
11. Denial of Service
12. Shared Technology Vulnerabilities

“It’s our hope that these updates will not only provide readers with more relevant context in which to evaluate the top threats, but that the enhanced paper will provide them with a real-world glimpse into what is currently occurring in the security industry,” says Scott Field, partner architect with Microsoft Corp. and chair of the CSA Top Threats Working Group.

The report affirms that the incredible pace at which cloud computing has simultaneously transformed business and government is in fact a double-edged sword, as it has created new security challenges.

The shift from server to service-based thinking is transforming the way technology departments think about, design, and deliver computing technology and applications. Yet these advances have created new security vulnerabilities as well as amplifying existing ones, including security issues whose full impact is finally being understood.

The CSA says among the most significant security risks associated with cloud computing is the tendency to bypass information technology (IT) departments and information officers.

Although shifting to cloud technologies exclusively may provide cost and efficiency gains, doing so requires that business-level security policies, processes, and best practices are taken into account.

In the absence of these standards, businesses are vulnerable to security breaches that can erase any gains made by the switch to cloud technology.

The CSA says this report is tailored for businesses both in the process of cloud adoption and already cloud-native, as it provides an up-to-date, expert-informed understanding of cloud security concerns in order to make educated risk-management decisions regarding cloud adoption strategies.

The report reflects the current consensus among security experts in the CSA community about the most significant security issues in the cloud.
