Resources to Start Preparing Your Team to Address Cloud Security Top Threats
Blog Article Published: 01/29/2020
By Victor Chin, former Research Analyst, CSA & Ryan Bergsma, Training Director, CSA
Every other year the CSA Top Threats working group releases their report on Top Threats to Cloud Computing. These reports are designed to gauge the industry perception of the most salient cloud security threats, risks and vulnerabilities. In this blog post we will be taking a look at how the top threats have changed over the years, and resources CSA has available to help educate teams to prevent these threats.
What the top threats are & how they’ve changed
The Top Threats working group has released three iterations of their report, with the Egregious Eleven, released in August 2019, being the latest. They span a total of 6 years and include 18 unique security issues. The table below shows what security issues were featured in the previous reports and how they ranked.
Fig 1, Top Threats over the years
The security issues have been put into two main categories. The security issues highlighted in blue are the mainstays of the Top Threats report. They are Data Breaches, Account Hijacking, Insider Threat, Insecure Interfaces and APIs, and Abuse and Nefarious Use of Cloud Services. These security issues have consistently been featured in all three Top Threats to Cloud Computing reports. On the other hand, highlighted in gray are security issues that are being rated as less relevant. As can be seen in Fig 1, they were originally rated quite highly in the 2013 Notorious Nine report. In the 2016 Treacherous Twelve report, they experienced a slight drop. Finally, in the Egregious Eleven, they have completely dropped off the list.
What resources does CSA have to help teams address the Egregious 11?
The Cloud Security Alliance and the Top Threats Working Group have produced several artifacts which help explain the trends and security issues we’re seeing.
- The Egregious 11 Meta-Analysis blog series helps account for the downward trend of third-party cloud risks as well as the upward trend of nuanced cloud security issues.
- Additionally, the Treacherous Twelve: Deep Dive, published in August 2018, provides an incident analysis of security breaches related to the Treacherous Twelve. The document provides an attack-style reference chart as well as a detailed narrative of the incident.
- Finally, another one of our latest releases, the Cloud Penetration Testing Playbook, provides a red team field manual-esque document. The document contains 94 public cloud test cases and vectors against which enterprises can test their cloud environments.
If you’re interested in learning more, below are several webinars we recommend watching on addressing top threats.
- Anatomy of a Cloud Data Breach
- Cloud Security Top Threats: How to Secure the Future While Learning from the Past
- Hackers, Cybercriminals, or Employees - Who Poses the Biggest Threat to the Org?
- 2019 Cloud Security Threat Report: Understand the Latest Cloud Security Trends
- LIVE Cyber Attack Simulation: A Crypto Crime in Action
CSA Threat Intelligence Exchange Platform. This platform allows organizations to operationalize intelligence from the CSA community and 20+ OSINT sources into their SIEM. This platform is available to CSA Members; you can request more information about it here.
CSA’s Governance, Risk and Compliance Framework
The CSA also has a comprehensive governance, risk and compliance framework. Organizations that want to securely migrate and operate in the cloud should study CSA’s Cloud Controls Matrix (CCM) and Consensus Assessment Initiative Questionnaire (CAIQ). The CCM is a set of cloud security controls for cloud service providers (CSPs). It contains a total of 133 security controls categorized into 16 domains. The CAIQ is a questionnaire, based on the CCM, which customers can use to gauge the security posture of their CSPs. Both tools are referenced heavily in all the research produced by the Top Threats Working Group. Furthermore, the CCM and CAIQ integrate with the CSA STAR (Security, Trust, Assurance and Risk) program to provide transparency and security assurance at various levels.
The CCM, CAIQ and STAR program contain many moving parts and can be quite difficult to navigate. To make our governance, risk and compliance program more digestible, we have a Cloud Governance Compliance course, which is a full-day, instructor-led course. Students are introduced to the CAIQ, CSA STAR and the CCM while examining real-world applications with the Top Threats to Cloud Computing reports. At the end of the course, students will know how to utilize and implement the CAIQ and CCM in their organizations.
The course is suitable for security compliance professionals and is a prerequisite for the upcoming Certificate of Cloud Auditing Knowledge.
Last but not least, the Certificate of Cloud Security Knowledge (CCSK) provides foundational cloud security knowledge and gives you a comprehensive understanding of managing security on the cloud. The CCSK helps students to appreciate the nuanced differences between traditional IT environments and modern cloud environments. Students will be able to understand the genesis of cloud security issues highlighted in the Top Threats to Cloud Computing reports as well as how to mitigate them. The CCSK covers all 14 domains of the CSA Security Guidance v4. Prospective students can opt to either take the vanilla CCSK Foundation course which is self-paced or the CCSK Plus course which includes a 1-day hands-on lab session.
Which training should I start with?
The CCSK gives employees a baseline of all the areas of security that teams need to be concerned with, and the domains covered are aligned to the Cloud Controls Matrix (CCM). Essentially the CCSK helps you understand what the security concerns are, while the Cloud Governance & Compliance course teaches students to use the necessary tools to ensure organizational implementation.