Top Threats Working Group
Introduction to the Top Threats Working Group
At an unprecedented pace, cloud computing has simultaneously transformed business and government, and created new security challenges. The development of the cloud service model delivers business-supporting technology more efficiently than ever before. The shift from traditional client/server to service-based models is transforming the way technology departments think about, designing, and delivering computing technology and applications. However, the improved value offered by cloud computing advances have also created new security vulnerabilities, including security issues whose full impacts are still emerging.
“The CSA Top Threats Working Group aims to provide organizations with an up-to-date, expert-informed understanding of cloud security risks, threats and vulnerabilities in order to make educated risk-management decisions regarding cloud adoption strategies.”
Top Threats to Cloud Computing 2015
Top Threats Working Group Leadership
Top Threats Co-chairs
Jon-Michael C. Brook has 20 years of experience in CyberSecurity. He holds a BS-CEN from the University of Florida and an MBA from the University of South Florida. He obtained a number of industry certifications, including the CISSP and CCSK, holds patents & trade secrets in intrusion detection, enterprise network controls, cross domain security and semantic data redaction, and has a special interest in privacy.
Jon-Michael has contributed to a number of CSA projects over the years and currently co-chairs the CSA Top Threats Working Group.
Scott is an architect that manages the Microsoft Azure security organization, with recent previous responsibility including Azure Compliance. His primary responsibility includes ensuring that Azure is the most secure cloud platform in existence, and that the features used to secure Azure are also made available to customers.
He has been involved with security at Microsoft for over 20 years, with contributions to Windows, Security Products, and Online services. He has held positions including support of Microsoft developer customers, software development, system and security architecture, and management of development, test, and program management teams.
Dave Shackleford is the owner and principal consultant of Voodoo Security and a SANS analyst, senior instructor, and course author. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering, and is a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. He has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and as a security architect, analyst, and manager for several Fortune 500 companies.
Dave currently serves on the board of directors at the SANS Technology Institute and helps lead the Atlanta chapter of the Cloud Security Alliance.
Top Threats Working Group Initiatives
Open Peer Reviews
There are no working drafts at this time.
Other ways to Connect
Top Threats Working Group News
January 23, 2016
The Cloud Security Alliance would like to invite you to review and comment on the Top Threats Working Group’s survey report, The Treacherous 12 – Cloud Computing Top Threats in 2016. The survey report shares findings and analysis from the Top Threats Working Group’s survey from late 2015. The revised report aimed to provide organizations…
November 04, 2015
The cloud presents all kinds of opportunities for today’s enterprise, from anywhere access to anything-as-a-service. Cloud computing imposes significant security risks on the corporation, network, IT and the day to day activities of the business. How do they maintain compliance, control and ownership of sensitive data as they move from the physical environment to a…
October 09, 2015
The Cloud Security Alliance Top Threats Working Group is conducting a survey of global security concerns in cloud computing. This short survey asks you to rate the relevance of 13 shortlisted security concerns in cloud computing. In addition, you will be given an opportunity to comment on and provide anecdotes for these security concerns. The…
July 24, 2012
This survey’s purpose is to identify whether the Top Threats first identified by the CSA are still relevant today.
July 18, 2012
CSA announces the availability of several new opportunities to sponsor key research initiatives. Your support helps us maintain our aggressive research schedule and accelerate responsible adoption of cloud computing.
March 01, 2010
The Cloud Security Alliance (CSA) and HP (NYSE: HPQ) today announced new research findings that detail the potential threats surrounding the use of cloud services.
Top Threats Working Group Downloads
Providing organizations with up-to-date, expert-informed understanding of cloud security threats in order to make educated risk-management decisions regarding cloud adoption strategies.
Release Date: February 24, 2013