Balancing risk and efficiency
Last month the Top Threats Working Group at the Cloud Security Alliance (CSA) released “The Treacherous 12: Cloud Computing Top Threats in 2016,” identifying and describing critical security issues facing IT leaders today.
Sponsored by Hewlett Packard Enterprise, the report serves as an up-to-date guide to help cloud users and providers make informed decisions about risk mitigation within a cloud strategy. The report points out that while the cloud service model delivers a wide range of capabilities more efficiently than ever before, there are risks that come along with that efficiency.
Although shifting exclusively to cloud technologies typically provides cost and efficiency gains, doing so requires that business-level security policies, processes and best practices be taken into account. In the absence of such standards, businesses are vulnerable to security breaches that can erase any gains made by the switch to cloud technology.
While there are many security concerns in the cloud, the report focuses on 12 specifically related to the shared, on-demand nature of cloud computing.
Among the most significant security risks associated with cloud computing is shadow IT, the tendency for line-of-business leaders to bypass information technology (IT) departments and information officers when implementing certain cloud solutions.
In creating “The Treacherous 12: Cloud Computing Top Threats in 2016,” the CSA Top Threats Working Group conducted research in two primary stages.
In the first stage, the group presented 20 concerns via a series of consultations, asking working group members to indicate the importance of each concern to their organization. After considering all the survey results, the working group identified and ranked the top 12 most salient cloud security concerns from among the previously short-listed group of concerns. Approximately 270 respondents participated in the survey process and identified the following security issues in cloud computing:
- Data Breaches
- Weak Identity, Credential and Access Management
- Insecure APIs
- System and Application Vulnerabilities
- Account Hijacking
- Malicious Insiders
- Advanced Persistent Threats (APTs)
- Data Loss
- Insufficient Due Diligence
- Abuse and Nefarious Use of Cloud Services
- Denial of Service
- Shared Technology Issues
In addition to identifying the twelve threats, the report provides high-level descriptions of corresponding steps you can take to reduce them. If you find that you are struggling with a particular cloud security issue, your Zones account executive can connect you with a Zones Cloud Solutions specialist for a consultation.
The threat research document should be utilized in conjunction with the best practices guides, “Security Guidance for Critical Areas in Cloud Computing V.3” and “Security as a Service Implementation Guidance”, available from the CSA website, www.cloudsecurityalliance.org.