Cloud Security Alliance Warns Providers of ‘The Notorious Nine’ Cloud Computing Top Threats in 2013
Organizations Must Make Educated Risk-Management Decisions Regarding Cloud Adoption Strategies
RSA CONFERENCE – San Francisco, CA – February 25, 2013 – The Cloud Security Alliance (CSA) Top Threats Working Group today released The Notorious Nine: Cloud Computing Top Threats in 2013, a revised report aimed to provide organizations with up-to-date, expert-informed understanding of cloud security threats in order to make educated risk-management decisions regarding cloud adoption strategies.
While there are many risks associated with the cloud in general, this report focuses on threats specifically related to the shared, on-demand nature of cloud computing. With descriptions and analyses, the report serves as an up-to-date threat identification guide that will help cloud users and providers make informed decisions about risk mitigation within a cloud strategy.
“To effectively manage risks in cloud computing, it is essential for companies to understand today’s and tomorrow’s threats specific to the cloud, and that comes with education and proper due diligence,” said J.R. Santos, Global Research Director of the CSA. “Companies are still not yet doing the proper due diligence, which is unfortunate and continues to be a real issue. We hope this report brings increased awareness to help companies make informed decisions to mitigate risks within their cloud adoption strategy.”
To identify the top threats, CSA conducted a survey of industry experts, to compile professional opinion on the greatest issues within cloud computing. The Top Threats Working Group used these survey results alongside their expertise to craft the final The Notorious Nine: Cloud Computing Top Threats in 2013. The survey methodology validated that the threat listing reflects the most current concerns of the industry. In this most recent edition of this report, experts identified the following nine critical threats to cloud security:
- Data Breaches
- Data Loss
- Account Hijacking
- Insecure APIs
- Denial of Service
- Malicious Insiders
- Abuse and Nefarious Use
- Insufficient Due Diligence
- Shared Technology Issues
“The Notorious Nine: Cloud Computing Top Threats in 2013” is intended to be utilized in conjunction with the best practices guides “Security Guidance for Critical Areas in Cloud Computing V.3” and “Security as a Service Implementation Guidance”. Together, these documents will offer valuable guidance during the formation of comprehensive, appropriate cloud security strategies.
The CSA Top Threats Working Group is responsible for providing needed context to assist organizations in making educated risk management decisions regarding their cloud adoption strategies. The CSA Top Threats Working Group is led by Rafal Los, Senior Security Strategist, HP Software; Dave Shackleford, Founder and Principal Consultant, Voodoo Security, and Bryan Sullivan, Senior Security Program Manager, Microsoft. The CSA invites interested companies and individuals to support the group’s research and initiatives. Companies and individuals interested in learning more or joining the group can visit https://cloudsecurityalliance.org/research/top-threats/.
About Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.
Kari Walker for the CSA