CSA Official Press Release
Published 05/31/2013
White Paper Analysing Cloud Vulnerability Incidents from 2008-2012 released by the CSA Cloud Vulnerabilities Working Group
A white paper studying cloud computing outages reported by the media over a four year period has been released by the newly-established CSA Cloud Vulnerabilities Working Group. The team from the Cyber Security Lab, University of Waikato, in New Zealand, and School of Mechanical & Aerospace Engineering, Nanyang Technological University in Singapore reviewed 11,491 news articles on cloud computing-related outages from 39 news sources between Jan 2008 and Feb 2012, effectively covering the first five years of cloud computing. The investigation revealed 172 unique incidents and several key findings. For example, it was found that the top three vulnerabilities which accounted for 64% of all incidents were “Insecure Interfaces & APIs”, “Data Loss & Leakage”, and “Hardware Failure”. It was also observed that 25% of these news-reported cloud outages had no clear explanation on the exact causes of the outages from the cloud service providers - showing room for improvement in terms of transparency and accountability of cloud service providers. "This white paper not only shows the top causes of cloud vulnerabilities, but also the top weaknesses cloud service providers can target to focus on." said Dr Ryan Ko, CSA APAC Research Adviser and leader of the study. "We hope that the results of this research will encourage increased transparency and accountability amongst the cloud service providers." The white paper and the raw data is currently downloadable from https://cloudsecurityalliance.org/research/vulnerabilities/ under the Creative Commons (Attribution-NonCommercial-NoDerivs) license. About Cloud Security Alliance Vulnerabilities Working Group: Founded by the CSA APAC region in May 2013, the CSA Cloud Vulnerabilities Working Group is global working group chartered to conduct research in the area of cloud computing vulnerabilities, with the goals of understanding and educating the classification and exact causes of cloud computing vulnerabilities, recommendations and best practices for the reduction of top vulnerabilities, reporting of vulnerabilities and the development of related tools and standards. About Cloud Security Alliance: The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, visit us at https://cloudsecurityalliance.org, and follow us on Twitter @cloudsa.
About Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, follow us on Twitter @cloudsa.
For press inquiries, email Zenobia Godschalk of ZAG Communications or reach her by phone at 650.269.8315.