
Top Threats

Top Threats to Cloud Computing Pandemic Eleven

Top Threats
The shift from traditional client/server to service-based models is transforming the way technology departments deliver computing technology and applications. However, cloud computing has also created new security vulnerabilities, including security issues whose full impacts are still emerging.

What is CSA doing to help address threats to cloud computing?
CSA created a bi-annual survey report to help the industry stay up to date on the latest threats, risks, and vulnerabilities in the cloud. Such issues are often the result of the shared, on-demand nature of cloud computing. In these reports, we survey industry experts on security issues in the cloud industry, and they rate salient threats, risks, and vulnerabilities in their cloud environments. These reports allow cybersecurity managers to better communicate with executives and peers and provide context for discussions with technical staff.

How can your organization address these threats?
How have organizations dealt with these cloud threats in real life? CSA’s series of case studies helps identify where and how those threats fit in a greater security analysis, while providing a clear understanding of how lessons and mitigation concepts can be applied in real-world scenarios. This group has also created a playbook for penetration testing in cloud environments, as well as guidance on how to approach threat modeling for cloud systems.


Research for Cloud Security Threats

CSA Research crowd-sources the knowledge and expertise of security experts and helps address the challenges and needs they’ve experienced, or seen others experience, within the cybersecurity field. Each publication is vendor-neutral and follows the peer review process outlined in the CSA Research Lifecycle. We recommend getting started by reading the following documents.

Top Threats to Cloud Computing: Egregious Eleven

Read an up-to-date, expert-informed understanding of the top cloud security concerns facing the industry in order to make educated risk-management decisions regarding cloud adoption strategies. In this fourth installment of the Top Threats Report, we again surveyed 241 industry experts on security issues in the cloud industry. This year our respondents rated 11 salient threats, risks and vulnerabilities in their cloud environments. After analyzing the responses in this survey, we noticed a drop in the ranking of traditional cloud security issues under the responsibility of cloud service providers (CSPs). Concerns such as denial of service, shared technology vulnerabilities and CSP data loss and system vulnerabilities—which all featured in the previous Treacherous 12—were now rated so low they have been excluded in this report. These omissions suggest that traditional security issues under the responsibility of the CSP seem to be less of a concern. I...

Top Threats to Cloud Computing: Egregious Eleven Deep Dive

This report provides case study analyses for last year’s The Egregious 11: Top Threats to Cloud Computing and a relative security industry breach analysis. Using nine actual attacks and breaches, including a major financial services company, a leading enterprise video communications firm, and a multinational grocery chain for its foundation, the paper connects the dots between the CSA Top Threats in terms of security analysis. Each of the nine examples is presented in the form of (1) a reference chart and (2) a detailed narrative. The reference chart’s format provides an attack-style synopsis of the actor spanning from threats and vulnerabilities to end controls and mitigations. These anecdotes will let cybersecurity managers, cloud architects, and cloud engineers better communicate with executives and peers in addition t...

Cloud Penetration Testing Playbook

As cloud services continue to enable new technologies and see massive adoption, there is a need to extend the scope of penetration testing into public cloud systems and components. The process described here aims to provide the foundation for a public cloud penetration testing methodology and is designed for current and future technologies that are hosted on public cloud environments or services. In particular, this document focuses on penetration testing of applications and services hosted in the cloud. It addresses the methodological and knowledge gaps in security testing of information systems and applications in public cloud environments. This work focuses on testing systems and services hosted in public cloud environments. This refers to customer-controlled or customer-managed systems and services. For example, a custom virtual machine, managed and controlled by the cloud customer, in an IaaS environment would be in-scope whereas the h...

Webinars

Reducing the Attack Surface in the Cloud
October 14 | Online

Impact of Digital Transformation on Security Strategy
October 28 | Online

Cloud Imposter: Using SSO to Stage a SaaS Invasion
October 19 | Online

Standardize Identity Security: From On-Prem to Multi-Cloud
November 16 | Online

Blog Posts

2023 Threat Intelligence Year in Review: Key Insights and Developments
A Comprehensive Guide to Business Cyber Security
HijackLoader Expands Techniques to Improve Defense Evasion