everythingpossible - Fotolia
CSA outlines CIOs’ top 12 cloud security concerns
Cloud Security Alliance’s research team uncovers the “dirty dozen” off-premise threats
The Cloud Security Alliance (CSA) has listed 12 security concerns that CIOs need to consider when taking steps to move their IT estate off-premise.
The list, compiled from the responses given by 270 IT security experts, focuses specifically on the main threats posed by the shared, on-demand nature of cloud services.
Unsurprisingly, the security concern cited most often around cloud use was the risk of data breaches, followed by the use of weak identity access management (IAM) and insecure APIs.
Application vulnerabilities, account hijacking, malicious insider threats, advanced persistent threats, data loss and insufficient due diligence were also among the most common fears.
Along with worries about cloud services being used “nefariously”, the risk of denial-of-service attacks and other shared technology issues were highlighted.
The trade association’s threats research team said the list is designed to help cloud users make informed decisions about how to minimise the security risks of using off-premise technologies.
“The 2016 Top Threats release mirrors the shifting ramifications of poor cloud computing decisions up through the managerial ranks,” the CSA report said.
“Instead of being an IT issue, it is now a boardroom issue. The reasons may lie with the maturation of cloud, but more importantly, higher strategic decisions by executives in cloud adoption.”
Read more about cloud security threats
- Microsoft has embarked on a renewed push to build enterprise trust in its cloud platforms by making it simpler for users to access information on its data privacy and security protocols.
- Better security will be the main reason by 2018 why government agencies decide to use the public cloud, Gartner predicts.
After outlining the top 12 cloud security risks, the CSA research team offered advice about the steps CIOs should take to protect themselves and their operations.
The Treacherous 12: Cloud Computing Top Threats in 2016 report advises CIOs to invest in multi-factor authentication and encryption technologies, as well as identity access management tools.
Jon-Michael Brook, co-chair of the CSA’s Top Threats working group, said the report highlighted how end-users’ approach to the cloud has matured in recent years.
“Our last Top Threats report [in 2013] highlighted developers and IT departments rolling out their own self-service shadow IT projects, and the bypassing of organisational security requirements,” said Brook.
“A lot has changed since then and what we are seeing in 2016 is that the cloud may be effectively aligned with executive strategies to maximise shareholder value.”