Top Threats Working Group

Introduction to the Top Threats Working Group

At an unprecedented pace, cloud computing has simultaneously transformed business and government, and created new security challenges. The development of the cloud service model delivers business-supporting technology more efficiently than ever before. The shift from traditional client/server to service-based models is transforming the way technology departments think about, designing, and delivering computing technology and applications. However, the improved value offered by cloud computing advances have also created new security vulnerabilities, including security issues whose full impacts are still emerging.

“The CSA Top Threats Working Group aims to provide organizations with an up-to-date, expert-informed understanding of cloud security risks, threats and vulnerabilities in order to make educated risk-management decisions regarding cloud adoption strategies.”

Upcoming Deliverables

Top Threats to Cloud Computing 2015

Top Threats Working Group Leadership

Top Threats Co-chairs

Jon-Michael Brook

Jon-Michael C. Brook has 20 years of experience in CyberSecurity. He holds a BS-CEN from the University of Florida and an MBA from the University of South Florida. He obtained a number of industry certifications, including the CISSP and CCSK, holds patents & trade secrets in intrusion detection, enterprise network controls, cross domain security and semantic data redaction, and has a special interest in privacy.

Jon-Michael has contributed to a number of CSA projects over the years and currently co-chairs the CSA Top Threats Working Group.

Scott Field

Scott is an architect that manages the Microsoft Azure security organization, with recent previous responsibility including Azure Compliance. His primary responsibility includes ensuring that Azure is the most secure cloud platform in existence, and that the features used to secure Azure are also made available to customers.

He has been involved with security at Microsoft for over 20 years, with contributions to Windows, Security Products, and Online services. He has held positions including support of Microsoft developer customers, software development, system and security architecture, and management of development, test, and program management teams.

Dave Shackleford

Dave Shackleford is the owner and principal consultant of Voodoo Security and a SANS analyst, senior instructor, and course author. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering, and is a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. He has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and as a security architect, analyst, and manager for several Fortune 500 companies.

Dave currently serves on the board of directors at the SANS Technology Institute and helps lead the Atlanta chapter of the Cloud Security Alliance.

Top Threats Working Group Initiatives

Please contact Top Threats Working Group Leadership for more information.

Want to contribute to the Top Threats Working Group?

Fill out the form below to join today!


If you experience trouble using this form, please submit the information here.

Other ways to Connect

Top Threats Working Group News

November 04, 2015

Keep your Data and Applications Safe from CSA Top Threats

The cloud presents all kinds of opportunities for today’s enterprise, from anywhere access to anything-as-a-service. Cloud computing imposes significant security risks on the corporation, network, IT and the day to day activities of the business. How do they maintain compliance, control and ownership of sensitive data as they move from the physical environment to a…

October 09, 2015

Survey for the CSA Top Threats to Cloud Computing 2015 report is Open

The Cloud Security Alliance Top Threats Working Group is conducting a survey of global security concerns in cloud computing. This short survey asks you to rate the relevance of 13 shortlisted security concerns in cloud computing. In addition, you will be given an opportunity to comment on and provide anecdotes for these security concerns. The…

July 24, 2012

Take the Top Threats to Cloud Computing Survey

This survey’s purpose is to identify whether the Top Threats first identified by the CSA are still relevant today.

July 18, 2012

CSA Research Sponsorship Opportunities Available

CSA announces the availability of several new opportunities to sponsor key research initiatives. Your support helps us maintain our aggressive research schedule and accelerate responsible adoption of cloud computing.

March 01, 2010

Cloud Security Alliance and HP Identify Top Cloud Security Threats in New Research Report

The Cloud Security Alliance (CSA) and HP (NYSE: HPQ) today announced new research findings that detail the potential threats surrounding the use of cloud services.

Top Threats Working Group Downloads

The Notorious Nine: Cloud Computing Top Threats in 2013

The Notorious Nine: Cloud Computing Top Threats in 2013

Providing organizations with up-to-date, expert-informed understanding of cloud security threats in order to make educated risk-management decisions regarding cloud adoption strategies.

Release Date: February 24, 2013