Top Threats Working Group

Introduction to the Top Threats Working Group

At an unprecedented pace, cloud computing has simultaneously transformed business and government, and created new security challenges. The development of the cloud service model delivers business-supporting technology more efficiently than ever before. The shift from traditional client/server to service-based models is transforming the way technology departments think about, designing, and delivering computing technology and applications. However, the improved value offered by cloud computing advances have also created new security vulnerabilities, including security issues whose full impacts are still emerging.

“The CSA Top Threats Working Group aims to provide organizations with an up-to-date, expert-informed understanding of cloud security risks, threats and vulnerabilities in order to make educated risk-management decisions regarding cloud adoption strategies.”

The Treacherous Twelve: Cloud Computing Top Threats in 2016

The 2016 Top Threats release mirrors the shifting ramifications of poor cloud computing decisions up through the managerial ranks, instead of being an IT issue it is now a boardroom issue. The reasons may lie with the maturation of cloud, but more importantly, higher strategic decisions by executives in cloud adoption. The 2013 edition highlighted developers and IT departments rolling out their own self-service Shadow IT projects, and the bypassing of organizational security requirements. In 2016, cloud adoption may be effectively aligned with the executive strategies to maximize shareholder value. The always-on nature of Cloud Computing impacts factors that may skew external perceptions and in turn company valuations. Wider reaching architecture/design factors of Identity, Credential and Access Management, Insecure APIs and System & Application Vulnerabilities rise in the survey, while data loss and individual account hijacking fell in comparison.

The Treacherous Twelve: Cloud Computing Top Threats in 2016 is sponsored by
HPE Security – Data Security

Working Group Co-Chair(s) CSA Global Support Contributors
CSA Chapters

Top Threats Working Group Leadership

Top Threats Co-chairs

Jon-Michael Brook

Jon-Michael C. Brook, Principal at Guide Holdings, has 20 years of experience in CyberSecurity. He holds a BS-CEN from the University of Florida and an MBA from the University of South Florida. He obtained a number of industry certifications, including the CISSP and CCSK, holds patents & trade secrets in intrusion detection, enterprise network controls, cross domain security and semantic data redaction, and has a special interest in privacy.

Jon-Michael has contributed to a number of CSA projects over the years and currently co-chairs the CSA Top Threats Working Group.

Scott Field

Scott is an architect that manages the Microsoft Azure security organization, with recent previous responsibility including Azure Compliance. His primary responsibility includes ensuring that Azure is the most secure cloud platform in existence, and that the features used to secure Azure are also made available to customers.

He has been involved with security at Microsoft for over 20 years, with contributions to Windows, Security Products, and Online services. He has held positions including support of Microsoft developer customers, software development, system and security architecture, and management of development, test, and program management teams.

Dave Shackleford

Dave Shackleford is the owner and principal consultant of Voodoo Security and a SANS analyst, senior instructor, and course author. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering, and is a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. He has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and as a security architect, analyst, and manager for several Fortune 500 companies.

Dave currently serves on the board of directors at the SANS Technology Institute and helps lead the Atlanta chapter of the Cloud Security Alliance.

Top Threats Working Group Initiatives

Please contact Top Threats Working Group Leadership for more information.

Want to contribute to the Top Threats Working Group?

Fill out the form below to join today!


Other:

If you experience trouble using this form, please submit the information here.

Other ways to Connect

Top Threats Working Group News

February 29, 2016

Cloud Security Alliance Releases ‘The Treacherous Twelve’ Cloud Computing Top Threats in 2016

New Research Findings Identify Risks Related to the Shared, On-demand Nature of Cloud Computing SAN FRANCISCO – February 29, 2016 – RSA Conference Booth #S2614 – The Cloud Security Alliance (CSA) Top Threats Working Group today released The Treacherous 12: Cloud Computing Top Threats in 2016, an important new research report developed to serve as an up-to-date guide…

January 23, 2016

Open Peer Review: The Treacherous 12 – Cloud Computing Top Threats in 2016

The Cloud Security Alliance would like to invite you to review and comment on the Top Threats Working Group’s survey report, The Treacherous 12 – Cloud Computing Top Threats in 2016. The survey report shares findings and analysis from the Top Threats Working Group’s survey from late 2015. The revised report aimed to provide organizations…

November 04, 2015

Keep your Data and Applications Safe from CSA Top Threats

The cloud presents all kinds of opportunities for today’s enterprise, from anywhere access to anything-as-a-service. Cloud computing imposes significant security risks on the corporation, network, IT and the day to day activities of the business. How do they maintain compliance, control and ownership of sensitive data as they move from the physical environment to a…

October 09, 2015

Survey for the CSA Top Threats to Cloud Computing 2015 report is Open

The Cloud Security Alliance Top Threats Working Group is conducting a survey of global security concerns in cloud computing. This short survey asks you to rate the relevance of 13 shortlisted security concerns in cloud computing. In addition, you will be given an opportunity to comment on and provide anecdotes for these security concerns. The…

July 24, 2012

Take the Top Threats to Cloud Computing Survey

This survey’s purpose is to identify whether the Top Threats first identified by the CSA are still relevant today.

July 18, 2012

CSA Research Sponsorship Opportunities Available

CSA announces the availability of several new opportunities to sponsor key research initiatives. Your support helps us maintain our aggressive research schedule and accelerate responsible adoption of cloud computing.

March 01, 2010

Cloud Security Alliance and HP Identify Top Cloud Security Threats in New Research Report

The Cloud Security Alliance (CSA) and HP (NYSE: HPQ) today announced new research findings that detail the potential threats surrounding the use of cloud services.

Top Threats Working Group Downloads

‘The Treacherous Twelve’ Cloud Computing Top Threats in 2016

‘The Treacherous Twelve’ Cloud Computing Top Threats in 2016

“The Treacherous 12 – Cloud Computing Top Threats in 2016” plays a crucial role in the CSA research ecosystem. The purpose of the report is to provide organizations with an up-to-date, expert-informed understanding of cloud security concerns in order to make educated risk-management decisions regarding cloud adoption strategies. The report reflects the current consensus among…

Release Date: February 29, 2016

The Notorious Nine: Cloud Computing Top Threats in 2013

The Notorious Nine: Cloud Computing Top Threats in 2013

Providing organizations with up-to-date, expert-informed understanding of cloud security threats in order to make educated risk-management decisions regarding cloud adoption strategies.

Release Date: February 24, 2013