Cloud Security Alliance Releases ‘The Treacherous Twelve’ Cloud Computing Top Threats in 2016

The Cloud Security Alliance (CSA) Top Threats Working Group today released The Treacherous 12: Cloud Computing Top Threats in 2016, an important new research report developed to serve as an up-to-date guide to help cloud users and providers make informed decisions about risk mitigation within a cloud strategy. Today, the development of the cloud service model delivers business-supporting technology more efficiently than ever before–but with ease and convenience comes risk. Among the most significant security risks associated with cloud computing is the tendency to bypass information technology (IT) departments and information officers. Although shifting to cloud technologies exclusively may provide cost and efficiency gains, doing so requires that business-level security policies, processes and best practices are taken into account. In the absence of these standards, businesses are vulnerable to security breaches that can erase any gains made by the switch to cloud technology.

With descriptions and analysis, The Treacherous 12: Cloud Computing Top Threats in 2016, developed by the CSA Top Threats Working Group and sponsored by Hewlett Packard Enterprise, serves as an up-to-date guide that will help cloud users and providers make informed decisions about risk mitigation within a cloud strategy. While there are many security concerns in the cloud, this report focuses on 12 specifically related to the shared, on-demand nature of cloud computing. “At an unprecedented pace, cloud computing has simultaneously transformed business and government, and created new security challenges,” said J.R. Santos, Executive Vice President of Research for the CSA. “The 2016 Top Threats release mirrors the shifting ramifications of poor cloud computing decisions up through the managerial ranks. Instead of being an IT issue, cloud security is now a boardroom issue. The reasons may lie with the maturation of cloud, but more importantly, higher strategic decisions are being made by executives when it comes to cloud adoption.”

In creating “The Treacherous 12: Cloud Computing Top Threats in 2016,” the CSA Top Threats Working Group conducted research in two primary stages. In the first stage, the group presented 20 concerns via a series of consultations, asking working group members to indicate the importance of each concern to their organization. After considering all the survey results, the working group identified and ranked the top 12 most salient cloud security concerns from among the previously short-listed group of concerns. Approximately 270 respondents participated in the survey process and identified the following security issues in cloud computing:

  1. Data Breaches
  2. Weak Identity, Credential and Access Management
  3. Insecure APIs
  4. System and Application Vulnerabilities
  5. Account Hijacking
  6. Malicious Insiders
  7. Advanced Persistent Threats (APTs)
  8. Data Loss
  9. Insufficient Due Diligence
  10. Abuse and Nefarious Use of Cloud Services
  11. Denial of Service
  12. Shared Technology Issues

“Our last Top Threats report highlighted developers and IT departments rolling out their own self-service Shadow IT projects, and the bypassing of organizational security requirements. A lot has changed since that time and what we are seeing in 2016 is that the cloud may be effectively aligned with the Executive strategies to maximize shareholder value,” said Jon-Michael Brook, co-Chair of the Top Threats Working Group. “The ‘always on’ nature of cloud computing impacts factors that may skew external perceptions and, in turn, company valuations.”

This research document should be utilized in conjunction with the best practices guides, “Security Guidance for Critical Areas in Cloud Computing V.3” and “Security as a Service Implementation Guidance.” Together, these documents will offer valuable guidance during the formation of comprehensive, appropriate cloud security strategies.

“The Treacherous 12: Cloud Computing Top Threats in 2016” plays a crucial role in the CSA research ecosystem. The purpose of the report is to provide organizations with an up-to-date, expert-informed understanding of cloud security concerns in order to make educated risk-management decisions regarding cloud adoption strategies. The report reflects the current consensus among security experts in the CSA community about the most significant security issues in the cloud.

The CSA Top Threats Working Group is responsible for providing needed context to assist organizations in making educated risk management decisions regarding their cloud adoption strategies. The CSA Top Threats Working Group is led by Scott Field, Partner Architect with Microsoft Corporation, along with long-time cloud security professionals Jon-Michael Brook and Dave Shackleford. The CSA invites interested companies and individuals to support the group’s research and initiatives. Companies and individuals interested in learning more or joining the group can visit the Top Threats Working Group page.