February 28, 2013 -- The Cloud Security Alliance Top Threats Working Group released “The Notorious Nine: Cloud Computing Top Threats in 2013.” The report is aimed at providing organizations with an up-to-date, expert-informed understanding of cloud security threats so that they can make educated risk-management decisions regarding cloud adoption strategies.
While there are many risks associated with the cloud in general, the report focuses on threats specifically related to the shared, on-demand nature of cloud computing, says CSA, a not-for-profit organization that promotes the use of best practices for providing security assurance within cloud computing. With descriptions and analyses, the report serves as a threat identification guide designed to help cloud users and providers make informed decisions about risk mitigation.
“To effectively manage risks in cloud computing, it is essential for companies to understand today’s and tomorrow’s threats specific to the cloud, and that comes with education and proper due diligence,” J.R. Santos, global research director of the CSA, said in a statement. “Companies are still not yet doing the proper due diligence, which is unfortunate and continues to be a real issue.”
To identify the top threats, CSA conducted a survey of industry experts. The CSA working group used these survey results along with its own expertise to craft the list of threats. The report identified the following nine critical threats to cloud security: data breaches, data loss, account hijacking, insecure APIs, denial of service, malicious insiders, abuse and nefarious use, insufficient due diligence and shared technology issues.
“The Notorious Nine: Cloud Computing Top Threats in 2013” is intended to be used in conjunction with the best practices guides “Security Guidance for Critical Areas in Cloud Computing V.3” and “Security as a Service Implementation Guidance,” CSA says. Together these documents offer guidance during the formation of comprehensive cloud security strategies.