Analysis of attacks reveals the top threats to cloud computing
Moving systems to the cloud offers many benefits for organizations, but it also opens up a new range of threats.
The Cloud Security Alliance has released a new report looking at case study analyses of recent attacks and data breaches to promote understanding of how attacks work and how they can be successfully mitigated.
Using nine actual attacks and breaches, including a major financial services company, a leading enterprise video communications firm, and a multinational grocery chain for its foundation, the paper connects the dots between the CSA Top Threats in terms of security analysis. Each example offers a reference chart with an attack-style synopsis of the actor looking at everything from threats and vulnerabilities to end controls and mitigations, along with a detailed narrative.
"These case studies identify where and how CSA Top Threats fit in a greater security analysis while providing a clear understanding of how lessons and mitigation concepts can be applied in real-world scenarios," says John Yeoh, global vice president of research at the Cloud Security Alliance.
Each case study's mitigation controls are mapped according to how frequently they were relevant in the context of the Cloud Controls Matrix's 16 domains. Identity and access management controls (IAM) were the most relevant mitigation in this year's report, accounting for eight of the nine case studies, while Security Incident Management, e-Discovery, and Cloud Forensics (SEF), including planning for an attack fallout and executing on the plan, was seen as paramount to successfully dealing with all but one of the incidents cited. IAM controls are referenced 15 times and SEF controls are referenced 17 times in the cited attacks.
The full Top Threats to Cloud Computing: Egregious 11 Deep Dive report is available from the CSA website.