Top 12 cloud computing threats in 2016

The Cloud Security Alliance (CSA) Top Threats Working Group released at RSA Conference an important new research report about cloud computing threats, developed to serve as an up-to-date guide to help cloud users and providers make informed decisions about risk mitigation within a cloud strategy.

Today, the development of the cloud service model delivers business-supporting technology more efficiently than ever before–but with ease and convenience comes risk. Among the most significant security risks associated with cloud computing is the tendency to bypass information technology (IT) departments and information officers. Although shifting to cloud technologies exclusively may provide cost and efficiency gains, doing so requires that business-level security policies, processes and best practices are taken into account. In the absence of these standards, businesses are vulnerable to security breaches that can erase any gains made by the switch to cloud technology.

While there are many security concerns in the cloud, this report focuses on 12 specifically related to the shared, on-demand nature of cloud computing. Approximately 270 respondents participated in the survey process and identified the following security issues:

1. Data breaches
2. Weak identity, credential and access management
3. Insecure APIs
4. System and application vulnerabilities
5. Account hijacking
6. Malicious insiders
7. Advanced Persistent Threats (APTs)
8. Data loss
9. Insufficient due diligence
10. Abuse and nefarious use of cloud services
11. Denial of Service
12. Shared technology issues

“Our last Top Threats report highlighted developers and IT departments rolling out their own self-service Shadow IT projects, and the bypassing of organizational security requirements. A lot has changed since that time and what we are seeing in 2016 is that the cloud may be effectively aligned with the Executive strategies to maximize shareholder value,” said Jon-Michael Brook, co-Chair of the Top Threats Working Group. “The ‘always on’ nature of cloud computing impacts factors that may skew external perceptions and, in turn, company valuations.”

“The 2016 Top Threats release mirrors the shifting ramifications of poor cloud computing decisions up through the managerial ranks,” said J.R. Santos, Executive Vice President of Research for the CSA. “Instead of being an IT issue, cloud security is now a boardroom issue. The reasons may lie with the maturation of cloud, but more importantly, higher strategic decisions are being made by executives when it comes to cloud adoption.”

RSA Conference 2016