Cloud Security Alliance Report Lists Top 11 Threats

cloud cyber modernization AI

The Cloud Security Alliance (CSA) released its Top Threats to Cloud Computing Report today. The report, which was created after surveying 241 cloud industry experts, highlights the top 11 threats facing cloud computing. The report noted that cloud security issues are “often the result of the shared, on-demand nature of cloud computing.”

The top 11 threats are:

  1. Data Breaches;
  2. Misconfiguration and Inadequate Change Control;
  3. Lack of Cloud Security Architecture and Strategy;
  4. Insufficient Identity, Credential, Access and Key Management;
  5. Account Hijacking;
  6. Insider Threats;
  7. Insecure Interfaces and APIs;
  8. Weak Control Plane;
  9. Metastructure and Applistructure Failures;
  10. Limited Cloud Usage Visibility; and
  11. Abuse and Nefarious Use of Cloud Services.

CSA noted that compared to its previous research, it saw a “drop in ranking of traditional cloud security issues under the responsibility of cloud service providers (CSPs).”

The group explained that concerns which rated highly in previous reports – such as denial of service, shared technology vulnerabilities, and CSP data loss and system vulnerabilities – are now rated so low that they fell off this report. “These omissions suggest that traditional security issues under the responsibility of the CSP seem to be less of a concern,” the report said. “Instead, we’re seeing more of a need to address security issues that are situated higher up the technology stack that are the result of senior management decisions.”

In terms of the new highly rated items, CSA described them as “more nuanced” and said it suggests a
“maturation of the consumer’s understanding of the cloud.” Because these issues are inherently specific to the cloud – rather than more generic threats and vulnerabilities – it indicates a “technology landscape where consumers are actively considering cloud migration.”

The report concluded by noting that all of the top threats require more industry attention and research, though the report does offer initially recommendations for how organizations can address each of the top 11 threats.

Categories

Recent