sb-nz logo
Story image

The ‘treacherous 12’: Top threats to cloud computing revealed

20 Oct 2017

The most prominent threats to cloud computing have been identified in a comprehensive report from the Cloud Security Alliance (CSA).

The ‘Treacherous 12: Top Threats to Cloud Computing + Industry Insights’ report is a refreshed update to the 2016 release that includes real-world anecdotes and examples of recent incidents that relate to each of the 12 cloud computing threat categories identified.

The top 12 critical issues to cloud security identified by experts were ranked in order of severity per survey results:

1. Data Breaches 2. Weak Identity, Credential and Access Management 3. Insecure APIs 4. System and Application Vulnerabilities 5. Account Hijacking 6. Malicious Insiders 7. Advanced Persistent Threats (APTs) 8. Data Loss 9. Insufficient Due Diligence 10. Abuse and Nefarious Use of Cloud Services 11. Denial of Service 12. Shared Technology Vulnerabilities

“It’s our hope that these updates will not only provide readers with more relevant context in which to evaluate the top threats, but that the enhanced paper will provide them with a real-world glimpse into what is currently occurring in the security industry,” says Scott Field, partner architect with Microsoft Corp. and chair of the CSA Top Threats Working Group.

The report affirms the incredible pace at which cloud computing has simultaneously transformed business and government is in fact a double-edged sword, as it has created new security challenges.

The shift from server to service-based thinking is transforming the way technology departments think about, design, and deliver computing technology and applications. Yet these advances have created new security vulnerabilities as well as amplify existing vulnerabilities, including security issues whose full impact are finally being understood.

The CSA says among the most significant security risks associated with cloud computing is the tendency to bypass information technology (IT) departments and information officers.

Although shifting to cloud technologies exclusively may provide cost and efficiency gains, doing so requires that business-level security policies, processes, and best practices are taken into account.

In the absence of these standards, businesses are vulnerable to security breaches that can erase any gains made by the switch to cloud technology.

The CSA says this report is tailored for businesses both in the process of cloud adoption and already cloud-native as it provides up-to-date, expert-informed understanding of cloud security concerns in order to make educated risk-management decisions regarding cloud adoption strategies.

The report reflects the current consensus among security experts in CSA community about the most significant security issues in the cloud.

Link image
Webinar: Best practices for managing disparate security solutions
As budgets get more constrained, the emphasis shifts from merely finding threats to increased efficiency in managing security operations. Learn how to juggle a crowded field of solutions.More
Story image
Why it’s essential to re-write IT security for the cloud era
Key components of network security architecture for the cloud era should be built from the ground up, as opposed to being bolted on to legacy solutions built for organisations functioning only on-premises or from only managed devices.More
Story image
Thales: A/NZ cybersecurity approach more talk than action
“While some organisations are talking a good story … predicted spending shows that most have the wrong focus.”More
Story image
Report: 151% increase in DDoS attacks compared to 2019
It comes as the security risk profile for organisations around the world increased in large part thanks to the COVID-19 pandemic, forcing greater reliance on cloud technology and thrusting digital laggards into quick and unsecured migrations.More
Story image
Microsoft brings endpoint & Azure security under Microsoft Defender
Microsoft Defender brings Microsoft 365 Defender and Azure Defender under the same umbrella.More
Story image
ESET launches the latest version of its Mobile Security solution
“With this latest version of ESET Mobile Security, we want to ensure our users feel completely secure when performing financial transactions on their devices, in addition to being protected from malware and phishing attempts."More