Story image

The ‘treacherous 12’: Top threats to cloud computing revealed

20 Oct 2017

The most prominent threats to cloud computing have been identified in a comprehensive report from the Cloud Security Alliance (CSA).

The ‘Treacherous 12: Top Threats to Cloud Computing + Industry Insights’ report is a refreshed update to the 2016 release that includes real-world anecdotes and examples of recent incidents that relate to each of the 12 cloud computing threat categories identified.

The top 12 critical issues to cloud security identified by experts were ranked in order of severity per survey results:

1. Data Breaches 2. Weak Identity, Credential and Access Management 3. Insecure APIs 4. System and Application Vulnerabilities 5. Account Hijacking 6. Malicious Insiders 7. Advanced Persistent Threats (APTs) 8. Data Loss 9. Insufficient Due Diligence 10. Abuse and Nefarious Use of Cloud Services 11. Denial of Service 12. Shared Technology Vulnerabilities

“It’s our hope that these updates will not only provide readers with more relevant context in which to evaluate the top threats, but that the enhanced paper will provide them with a real-world glimpse into what is currently occurring in the security industry,” says Scott Field, partner architect with Microsoft Corp. and chair of the CSA Top Threats Working Group.

The report affirms the incredible pace at which cloud computing has simultaneously transformed business and government is in fact a double-edged sword, as it has created new security challenges.

The shift from server to service-based thinking is transforming the way technology departments think about, design, and deliver computing technology and applications. Yet these advances have created new security vulnerabilities as well as amplify existing vulnerabilities, including security issues whose full impact are finally being understood.

The CSA says among the most significant security risks associated with cloud computing is the tendency to bypass information technology (IT) departments and information officers.

Although shifting to cloud technologies exclusively may provide cost and efficiency gains, doing so requires that business-level security policies, processes, and best practices are taken into account.

In the absence of these standards, businesses are vulnerable to security breaches that can erase any gains made by the switch to cloud technology.

The CSA says this report is tailored for businesses both in the process of cloud adoption and already cloud-native as it provides up-to-date, expert-informed understanding of cloud security concerns in order to make educated risk-management decisions regarding cloud adoption strategies.

The report reflects the current consensus among security experts in CSA community about the most significant security issues in the cloud.

Privacy: The real cost of “free” mobile apps
Sales of location targeted advertising, based on location data provided by apps, is set to reach $30 billion by 2020.
Forrester names Crowdstrike leader in incident response
The report provides an in-depth evaluation of the top 15 IR service providers across 11 criteria.
Norwegian aluminium manufacturer hit hard by LockerGoga ransomware attack
“IT systems in most business areas are impacted and Hydro is switching to manual operations as far as possible.”
Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.
Security professionals want to return fire – Venafi
Seventy-two percent of professionals surveyed believe nation-states have the right to ‘hack back’ cybercriminals.
Alcatraz AI to replace corporate badges with AI security
The Palo Alto-based startup supposedly leverages facial recognition, 3D sensing, and machine learning to enable secure access control.
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.
Mozilla launches Firefox Send, an encrypted file transfer service
Mozille Firefox has launched a free encrypted file transfer service that allows people to securely share files from any web browser – not just Firefox.