Top Threats Working Group
Introduction to the Top Threats Working Group
At an unprecedented pace, cloud computing has simultaneously transformed business and government and created new security challenges. The development of the cloud service model delivers business-supporting technology more efficiently than ever before. The shift from traditional client/server to service-based models is transforming the way technology departments think about, design, and deliver computing technology and applications. However, the improved value offered by cloud computing advances has also created new security vulnerabilities, including security issues whose full impacts are still emerging.
Download the Top Threats Working Group Charter
“The CSA Top Threats Working Group aims to provide organizations with an up-to-date, expert-informed understanding of cloud security risks, threats and vulnerabilities in order to make educated risk-management decisions regarding cloud adoption strategies.”
The Treacherous Twelve: Cloud Computing Top Threats in 2016
The 2016 Top Threats release mirrors the shifting ramifications of poor cloud computing decisions up through the managerial ranks: instead of being an IT issue, it is now a boardroom issue. The reasons may lie with the maturation of cloud, but more importantly, with higher strategic decisions by executives in cloud adoption. The 2013 edition highlighted developers and IT departments rolling out their own self-service Shadow IT projects, and the bypassing of organizational security requirements. In 2016, cloud adoption may be effectively aligned with the executive strategies to maximize shareholder value. The always-on nature of Cloud Computing impacts factors that may skew external perceptions and in turn company valuations. Wider-reaching architecture/design factors of Identity, Credential and Access Management, Insecure APIs and System & Application Vulnerabilities rose in the survey, while data loss and individual account hijacking fell in comparison.
The Treacherous Twelve: Cloud Computing Top Threats in 2016 is sponsored by HPE Security – Data Security
Top Threats Working Group Leadership
Top Threats Co-chairs
Jon-Michael C. Brook, Principal at Guide Holdings, LLC, has 20 years of experience in Information Security with such organizations as Raytheon, Northrop Grumman, Booz Allen Hamilton, Optiv Security and Symantec. Mr. Brook’s work traverses the government, financial, healthcare, gaming, oil and gas and pharmaceutical industries. Mr. Brook has obtained a number of industry certifications, including CISSP and CCSK, and has patents and trade secrets in intrusion detection, enterprise network controls, cross domain security and semantic data redaction. He has spoken at numerous events, including the Hackers on Planet Earth (HOPE), Cloud Security Alliance (CSA) Congress, IAPP Privacy Conferences and DoD Cyber Crime Conference. Additionally, Mr. Brook has contributed to a number of CSA projects over the past six years, and currently co-chairs the CSA Top Threats and Cloud Broker Working Groups. He holds a BS-CEN from the University of Florida and an MBA from the University of South Florida.
Contributions: Top Threats Working Group co-chair, Cloud Broker Working Group co-chair and contributor to several additional working groups. Certified Certificate of Cloud Security Knowledge+ (CCSK+) trainer and Cloud Controls Matrix (CCM) reviewer.
Scott is an architect who manages the Microsoft Azure security organization, with recent previous responsibility including Azure Compliance. His primary responsibility includes ensuring that Azure is the most secure cloud platform in existence, and that the features used to secure Azure are also made available to customers.
He has been involved with security at Microsoft for over 20 years, with contributions to Windows, Security Products, and Online services. He has held positions including support of Microsoft developer customers, software development, system and security architecture, and management of development, test, and program management teams.
Dave Shackleford is the owner and principal consultant of Voodoo Security and a SANS analyst, senior instructor, and course author. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering, and is a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. He has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and as a security architect, analyst, and manager for several Fortune 500 companies.
Dave currently serves on the board of directors at the SANS Technology Institute and helps lead the Atlanta chapter of the Cloud Security Alliance.
Top Threats Working Group Initiatives
Open Peer Reviews
This document serves as an update of anecdotes for the research published by the CSA Top Threats Working Group in 2016 (The Treacherous 12: Cloud Computing Top Threats in 2016). This Top Threats 2017 Refresh Document contains 21 anecdotes and examples of recent incidents or developments that relate to the 12 categories of security issues mentioned in the 2016 document.
Date Opened: April 18, 2017
Top Threats Working Group News
February 29, 2016
New Research Findings Identify Risks Related to the Shared, On-demand Nature of Cloud Computing SAN FRANCISCO – February 29, 2016 – RSA Conference Booth #S2614 – The Cloud Security Alliance (CSA) Top Threats Working Group today released The Treacherous 12: Cloud Computing Top Threats in 2016, an important new research report developed to serve as an up-to-date guide…
January 23, 2016
The Cloud Security Alliance would like to invite you to review and comment on the Top Threats Working Group’s survey report, The Treacherous 12 – Cloud Computing Top Threats in 2016. The survey report shares findings and analysis from the Top Threats Working Group’s survey from late 2015. The revised report aimed to provide organizations…
November 04, 2015
The cloud presents all kinds of opportunities for today’s enterprise, from anywhere access to anything-as-a-service. Cloud computing imposes significant security risks on the corporation, network, IT and the day to day activities of the business. How do they maintain compliance, control and ownership of sensitive data as they move from the physical environment to a…
October 09, 2015
The Cloud Security Alliance Top Threats Working Group is conducting a survey of global security concerns in cloud computing. This short survey asks you to rate the relevance of 13 shortlisted security concerns in cloud computing. In addition, you will be given an opportunity to comment on and provide anecdotes for these security concerns. The…
July 24, 2012
This survey’s purpose is to identify whether the Top Threats first identified by the CSA are still relevant today.
July 18, 2012
CSA announces the availability of several new opportunities to sponsor key research initiatives. Your support helps us maintain our aggressive research schedule and accelerate responsible adoption of cloud computing.
March 01, 2010
The Cloud Security Alliance (CSA) and HP (NYSE: HPQ) today announced new research findings that detail the potential threats surrounding the use of cloud services.
Top Threats Working Group Downloads
“The Treacherous 12 – Cloud Computing Top Threats in 2016” plays a crucial role in the CSA research ecosystem. The purpose of the report is to provide organizations with an up-to-date, expert-informed understanding of cloud security concerns in order to make educated risk-management decisions regarding cloud adoption strategies. The report reflects the current consensus among…
Release Date: February 29, 2016
Providing organizations with up-to-date, expert-informed understanding of cloud security threats in order to make educated risk-management decisions regarding cloud adoption strategies.
Release Date: February 24, 2013