The top 11 security threats to cloud computing

cloud lock

Data breaches and misconfigurations come out top of the Cloud Security Alliance's latest Top Threats report which reveals an 'Egregious Eleven' list of cloud security threats.

This year's list no longer includes issues that fall to cloud service providers (CSPs), such as denial of service, shared technology vulnerabilities, CSP data loss and system vulnerabilities. This suggests these are either being well addressed or are no longer perceived as a significant business risk of cloud adoption.

The top 11 in order of significance are:

  1. Data Breaches
  2. Misconfiguration and inadequate change control
  3. Lack of cloud security architecture and strategy
  4. Insufficient identity, credential, access and key management
  5. Account hijacking
  6. Insider threat
  7. Insecure interfaces and APIs
  8. Weak control plane
  9. Metastructure and applistructure failures
  10. Limited cloud usage visibility
  11. Abuse and nefarious use of cloud services

"New, top-ranking items in the survey are more nuanced, and suggest a maturation of security professionals’ understanding of the cloud, and the emerging issues that are harder to address as infrastructure becomes more secure and attackers more sophisticated," says Jon-Michael C. Brook, co-chair of the Top Threats Working Group and a principal contributor to the industry. "The new issues highlighted in this version of the report are inherently specific to the cloud and suggest a technology landscape where security professionals are actively considering cloud migration. We hope this Top Threats report raises organizational awareness of the top security issues that require more industry attention and research, ensuring that they are taken into consideration when budgeting for cloud migration and security."

The full report can be downloaded from the CSA site.

Image Credit: Nata-Lia/ Shutterstock

One Response to The top 11 security threats to cloud computing

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.