Cloud Vulnerabilities Working Group

Current Initiatives

No open initiatives at this time.

Introduction to the Cloud Vulnerabilities Working Group

Founded by the CSA APAC region in May 2013, the CSA Cloud Vulnerabilities Working Group is global working group chartered to conduct research in the area of cloud computing vulnerabilities, with the goals of understanding and educating the classification and exact causes of cloud computing vulnerabilities, recommendations and best practices for the reduction of top vulnerabilities, reporting of vulnerabilities and the development of related tools and standards.

What’s New about Cloud Vulnerabilities?

While cloud computing offers features such as 24/7 availability and elasticity, it faced a new dimension of challenges and vulnerabilities caused by scale, and the challenges of keep systems live and dynamic. It is therefore of maximum benefit to the cloud computing community and industry, if a global vulnerability working group focuses on cloud-related problems and not disparate vulnerability research in the areas of network, storage or systems. It is most effective if we target the problems as a ‘cloud’ problem, as the underlying backend of many cloud systems have dependency relationships between different components, levels of services (IaaS, PaaS, SaaS), backend physical infrastructure and human processes.

Vision and Goals

This is a challenging area, which requires careful planning and research, and a strong participation from a global community. As such, this working group aims to conduct its research in three phases:

  • Establishment of a taxonomy for Cloud Vulnerabilities based on statistical data.
  • Creation of a cloud vulnerability feed documentation mechanism/ format/ protocol.
  • Portal established for cloud vulnerability reporting and tools.

Want to contribute to the Cloud Vulnerabilities Working Group?

Fill out the form below to join today!


If you experience trouble using this form, please submit the information here.

Cloud Vulnerabilities Working Group News

May 21, 2014


Updates include Vulnerabilities Working Group publications, support of academic research conferences, and highlights from the CSA Hong Kong and Macau Chapter.

May 16, 2013

Cloud Security Alliance APAC Defines 2013-2014 Research Roadmap

The APAC region leadership team has published its research roadmap for 2013-2014.

Cloud Vulnerabilities Working Group Videos

No videos currently available.

Cloud Vulnerabilities Working Group Downloads

Cloud Computing Vulnerability Incidents:  A Statistical Overview

Cloud Computing Vulnerability Incidents: A Statistical Overview

In an attempt to ascertain Cloud Computing reliability, 11,491 news articles on cloud computing-related outages from 39 news sources between Jan 2008 and Feb 2012 – effectively covering the first five years of cloud computing – were reviewed.

Release Date: May 31, 2013

Cloud Vulnerabilities Working Group Co-chairs

Ryan Ko

CSA APAC Research Advisor

Dr Ryan Ko is a Senior Lecturer with the Computer Science department and leader of the Cyber Security Lab in the University of Waikato, New Zealand. His main research focus is in the areas of Cyber Security, Cloud Data Provenance and Cloud Computing Security and Trust. Prior to joining the faculty, he was a lead computer scientist with Hewlett-Packard (HP) Labs’ Cloud and Security Lab and achieved first-in-the-world scientific breakthroughs in the area of cloud data provenance. Recipient of the Cloud Security Alliance (CSA) Ron Knode Service Award, he is active as Research Advisor for CSA Asia Pacific, and serves as chair and board member of several cyber security industry consortia and chapters. He is also the co-founder and co-chair of the CSA Cloud Data Governance Working Group, the first CSA research group led by a chapter in Asia Pacific. He holds a B.Eng (Hons.) (Computer Engineering) and Ph.D. from Nanyang Technological University, Singapore, and is a member of the IEEE and ACM.