© 2024 Arizent. All rights reserved.
p17lcvvd9v1tq61lbvnu9cvk1scc6.jpg
As cloud computing adoption and capabilities change, so, too, do the threats. CSA Global Research Director J.R. Santos said the list of nine threats was released with the intent of bringing “increased awareness to help companies make informed decisions to mitigate risks within their cloud adoption strategy.”
p17lcvvda0hr31or31bdamf3qlv7.jpg

9) Shared Technology Issues

As-a-service adoption doesn’t mean you let your guard down. According to CSA: “whether the service model is IaaS, PaaS or SaaS ... the key is that a single vulnerability or misconfiguration can lead to a compromise across an entire provider’s cloud.”
p17lcvvda0bc119bt1ogtq9j19uab.jpg

8) Insufficient Due Diligence

CSA warns not to get swept up in the “gold rush” mentality of low-bid providers and promises of the moon and stars. The organization recommends: “organizations moving to a cloud technology model ... must have capable resources and perform extensive internal and [service provider] due diligence and understand the risks it assumes.”
p17lcvvd9vl5pp591lna7lt1r5g5.jpg

7) Abuse and Nefarious Use

At one time the top perceived threat with the cloud, this provider-side risk still holds water. The questions cloud providers need to answer are: How will you detect people abusing your service? How will you define abuse? How will you prevent them from doing it again?
p17lcvvda0193lskl18c81llh2ade.jpg

6) Malicious Insiders

The potential for an attack from a “malicious insider,” such as a system administrator, is a subject of debate. Yet deployment to a cloud does little to abate management fears.
p17lcvvda0ifj1ol51en9l3u1dc9a.jpg

5) Denial of Service

Preventing access to cloud services in the first place has become an in vogue method of disruption. In 2010, DOS attackers weren’t ranked in the top nine cloud threats. Their use by hackers and attackers now can leave cloud users with a feeling akin to being stuck in rush-hour gridlock.
p17lcvvda07qf5ir1jak16271nsb8.jpg

4) Insecure APIs

Although insecure interfaces aren’t deemed as damning a threat as in past CSA assessments, it remains important for cloud consumers to “understand security implications with the usage, management, orchestration and monitoring of cloud services.”
p17lcvvda018u41rvsuij11tdq319.jpg

3) Account Hijacking

Unfortunately, CSA notes that phishing, fraud and exploitation of software vulnerabilities still produce results. With access to credentials and, subsequently, cloud accounts via these measures, “your account or service instances may become a new base for the attacker.” Avoid sharing of account credentials among users and services, and leverage two-factor authentication when possible, CSA recommends.
p17lcvvda06qhcvo1t3u17a2186tc.jpg

2) Data Loss

Accidents will happen, along with natural disasters, putting data loss near the top of cloud threats. Regular backup measures and encryption safeguards can protect much of the increasing amount of data stowed in the cloud.
p17lcvvda0kr0f7a12otf5vgusd.jpg

1) Data Breaches

Ranked as the fifth-largest threat to cloud deployments in 2010, data breaches now rank as the biggest risk to cloud environments. In one instance, CSA cited a 2012 academic study that outlined ways VMs could be used to extract cryptographic keys for other VMs on the same server.