Cloud Vulnerabilities Working Group

Introduction to the Cloud Vulnerabilities Working Group

Founded by the CSA APAC region in May 2013, the CSA Cloud Vulnerabilities Working Group is a global working group chartered to conduct research in the area of cloud computing vulnerabilities. Its goals are to understand, and educate the community about, the classification and exact causes of cloud computing vulnerabilities; to produce recommendations and best practices for the reduction of top vulnerabilities; and to support the reporting of vulnerabilities and the development of related tools and standards.

What’s New about Cloud Vulnerabilities?

While cloud computing offers features such as 24/7 availability and elasticity, it faces a new dimension of challenges and vulnerabilities caused by scale and by the need to keep systems live and dynamic. It is therefore of maximum benefit to the cloud computing community and industry if a global vulnerability working group focuses on cloud-related problems rather than on disparate vulnerability research in the areas of network, storage or systems. It is most effective to treat these problems as a ‘cloud’ problem, because the underlying backend of many cloud systems has dependency relationships between different components, levels of service (IaaS, PaaS, SaaS), backend physical infrastructure and human processes.

Vision and Goals

This is a challenging area that requires careful planning and research, and strong participation from a global community. As such, this working group aims to conduct its research in three phases:

  • Establishment of a taxonomy for Cloud Vulnerabilities based on statistical data.
  • Creation of a cloud vulnerability feed documentation mechanism/format/protocol.
  • Portal established for cloud vulnerability reporting and tools.

Cloud Vulnerabilities Working Group Leadership

Cloud Vulnerabilities Co-chairs

Dr. Ryan Ko

CSA APAC Research Advisor

Dr. Ryan Ko is the Head of the Cyber Security Lab at the University of Waikato, New Zealand, and the CSA APAC Research Advisor. He also serves as Affiliate Faculty Member at the Idaho State University’s National Information Assurance Training and Education Center (NIATEC), USA. Recipient of the (ISC)² ISLA Award in 2014 and the inaugural CSA Ron Knode Award in 2012, his research interests are in the area of cloud security, focusing on data provenance, real-time situation awareness, and homomorphic encryption. Co-founder of the CSA Cloud Data Governance and Cloud Vulnerabilities working groups, he was part of the founding group of experts which created the (ISC)²-CSA Certified Cloud Security Professional certification’s CBK, and is the principal investigator of the NZD 12mil MBIE-funded STRATUS cloud security project.

Cloud Vulnerabilities Working Group Initiatives

There are no open initiatives at this time.

Cloud Vulnerabilities Working Group News

May 21, 2014


Updates include Vulnerabilities Working Group publications, support of academic research conferences, and highlights from the CSA Hong Kong and Macau Chapter.

May 16, 2013

Cloud Security Alliance APAC Defines 2013-2014 Research Roadmap

The APAC region leadership team has published its research roadmap for 2013-2014.

Cloud Vulnerabilities Working Group Downloads

Cloud Computing Vulnerability Incidents: A Statistical Overview

In an attempt to ascertain Cloud Computing reliability, 11,491 news articles on cloud computing-related outages from 39 news sources between Jan 2008 and Feb 2012 – effectively covering the first five years of cloud computing – were reviewed.

Release Date: May 31, 2013