CSA Identifies 12 Major Threats to Cloud Computing Security
Securing the cloud must become a standard operating practice if companies hope to successfully deploy cloud strategies without opening themselves up to major threats and breaches. A new report from The Cloud Security Alliance (CSA) finds that one of the biggest threats to cloud computing today is the practice of users and workers bypassing IT departments and administrators to access and use the cloud.
Doing so opens up organization to a large amount of risk, according to “The Treacherous 12: Cloud Computing Top Threats in 2016,” the new report from the CSA. Failure to implement proper business level-security policies, processes and practices for cloud computing effectively cancels out any of the cost savings or productivity gains earned from cloud migration, according to the research.
“Instead of being an IT issue, cloud security is now a boardroom issue,” said J.R. Santos, executive vice president of research for the CSA. “The reasons may lie with the maturation of cloud, but more importantly, higher strategic decisions are being made by executives when it comes to cloud adoption."
The CSA researched the top threats by presenting 20 concerns to working group members via a series of consultations. The results were pared down to identify the 12 most pressing cloud security issues according to around 270 respondents. The top concerns include data breaches, insecure APIs, account hijacking and weak identify, credential and access management. Other important threats include system and application vulnerabilities, data loss, malicious insiders, advanced persistent threats (APTs), denial of service, shared technology issues, insufficient due diligence and abuse and nefarious use of cloud services.
"Our last Top Threats report highlighted developers and IT departments rolling out their own self-service Shadow IT projects, and the bypassing of organizational security requirements,” said Jon-Michael Brook, co-chair of the Top Threats Working Group. “A lot has changed since that time and what we are seeing in 2016 is that the cloud may be effectively aligned with the Executive strategies to maximize shareholder value. The 'always on' nature of cloud computing impacts factors that may skew external perceptions and, in turn, company valuations."
Edited by Stefania Viscusi