The Cloud Security Alliance published “The Treacherous 12 – Cloud Computing Top Threats in 2016” last year. I just saw it cited in a security conference presentation and realized that I had not shared this reference. For those involved in decision-making about risk management of their applications, data, and operations, this resource has some value. If you have not yet experienced a challenge to host your business in “the cloud”**, it is likely you will in the future.
In my opinion, the Cloud Security Alliance is wildly optimistic about the business and compliance costs and the real risks associated with using shared, fluid, “cloud” services to host many types of global financial services business applications & non-public data. That said, financial services is a diverse collection of business activities, some of which may be well served by credible “cloud” service providers (for example, but not limited to, some types of sales, marketing, and human resource activities). In that context, the Cloud Security Alliance still publishes some content that can help decision-makers understand more about what they are getting into.
“The Treacherous 12 – Cloud Computing Top Threats in 2016” outlines what “experts identified as the 12 critical issues to cloud security (ranked in order of severity per survey results)”:
- Data Breaches
- Weak Identity, Credential and Access Management
- Insecure APIs
- System and Application Vulnerabilities
- Account Hijacking
- Malicious Insider
- Advanced Persistent Threats (APTs)
- Data Loss
- Insufficient Due Diligence
- Abuse and Nefarious Use of Cloud Services
- Denial of Service
- Shared Technology Issues
For each of these categories, the paper includes some sample business impacts, supporting anecdotes and examples, candidate controls that may help address given risks, and links to related resources.
If your role requires evaluating risks and opportunities associated with “cloud” anything, consider using this resource to help flesh out some key risk issues.
**Remember, as abstraction is peeled away, “the cloud” is an ecosystem constructed of other people’s “computers” supported by other people’s employees…
Cloud Security Alliance:
“The Treacherous 12 – Cloud Computing Top Threats in 2016”