The Cloud Security Alliance (CSA), an industry-backed group dedicated to best practices for securing cloud computing environments, released its list of the top 11 threats to cloud computing.
According to CSA, the list, published on Sept. 23, “captures cloud computing’s most significant and pressing issues with additional details and actionable information meant to be used as a starting point by cloud architects and engineers for their own analysis and comparisons.”
The report uses nine recent cybersecurity attacks and breaches to illustrate how the top threats to cloud computing fit into “a greater security analysis.”
The case study analysis will “let cybersecurity managers better communicate with executives and peers in addition to providing context for discussions with technical staff and offers in-depth detail for implementing mitigations and countermeasures from a security analysis standpoint,” said Jon-Michael C. Brook, one of the paper’s lead authors.
The top 11 threats are:
- Data Breach;
- Misconfiguration and Inadequate Change Control;
- Insufficient Identity, Credential, Access, and Key Management;
- Insufficient Identity and Credential Management;
- Account Hijacking;
- Insider Threat;
- Insecure Interfaces and Application Programming Interfaces;
- Weak Control Plane;
- Metastructure and Applistructure Failures;
- Limited Cloud Usage Visibility; and
- Abuse and Nefarious Use of Cloud Services.
The report explores each of the threats by applying them to a case study of a well-known, recent cyber incident. Each case study highlights the attack details, technical impacts, and business impacts. CSA also shares what preventative, detective, and corrective mitigation strategies should be used to ward off that type of attack. The nine recent attacks discussed in the report are:
- Capital One’s data breach;
- Disney+’s account hijackings;
- Dow Jones’ data breach;
- GitHub’s distributed denial of service attack;
- Imperva’s data breach;
- Ring’s personally identifiable information data breach;
- Tesco’s data breach;
- Tesla’s data breach and malware attack; and
- Zoom’s data breach.
“These case studies identify where and how CSA Top Threats fit in a greater security analysis while providing a clear understanding of how lessons and mitigation concepts can be applied in real-world scenarios,” said John Yeoh, global vice president of research for CSA.