The Cloud Security Alliance (CSA) Top Threats Working Group released at
RSA Conference an important new research report about cloud computing threats, developed to serve as an up-to-date guide to help cloud users and providers make informed decisions about risk mitigation within a cloud strategy.
Today, the development of the cloud service model delivers business-supporting technology more efficiently than ever before–but with ease and convenience comes risk. Among the most significant security risks associated with cloud computing is the tendency to bypass information technology (IT) departments and information officers. Although shifting to cloud technologies exclusively may provide cost and efficiency gains, doing so requires that business-level security policies, processes and best practices are taken into account. In the absence of these standards, businesses are vulnerable to security breaches that can erase any gains made by the switch to cloud technology.
While there are many security concerns in the cloud, this report focuses on 12 specifically related to the shared, on-demand nature of cloud computing. Approximately 270 respondents participated in the survey process and identified the following security issues:
1. Data breaches
2. Weak identity, credential and access management
3. Insecure APIs
4. System and application vulnerabilities
5. Account hijacking
6. Malicious insiders
7. Advanced Persistent Threats (APTs)
8. Data loss
9. Insufficient due diligence
10. Abuse and nefarious use of cloud services
11. Denial of Service
12. Shared technology issues
