Making Cloud SLAs readily usable in the EU private sector
Cloud Security Alliance’s research team uncovers top 12 off-premise threats
SLA-Ready partner, the Cloud Security Alliance (CSA) has listed 12 security concerns that CIOs need to consider when taking steps to move their IT estate off-premise.
The list, compiled from the responses given by 270 IT security experts, focuses specifically on the main threats posed by the shared, on-demand nature of cloud services. Unsurprisingly, the security concern cited most often around cloud use was the risk of data breaches, followed by the use of weak identity access management (IAM) and insecure APIs.
Application vulnerabilities, account hijacking, malicious insider threats, advanced persistent threats, data loss and insufficient due diligence were also among the most common fears. Along with worries about cloud services being used “nefariously”, the risk of denial-of-service attacks and other shared technology issues were highlighted.
The trade association’s threats research team said the list is designed to help cloud users make informed decisions about how to minimise the security risks of using off-premise technologies. “The 2016 Top Threats release mirrors the shifting ramifications of poor cloud computing decisions up through the managerial ranks,” the CSA report said. “Instead of being an IT issue, it is now a boardroom issue. The reasons may lie with the maturation of cloud, but more importantly, higher strategic decisions by executives in cloud adoption.”
After outlining the top 12 cloud security risks, the CSA research team offered advice about the steps CIOs should take to protect themselves and their operations. The Treacherous 12: Cloud Computing Top Threats in 2016 report advises CIOs to invest in multi-factor authentication and encryption technologies, as well as identity access management tools.
The report highlighted how end-users’ approach to the cloud has matured in recent years. In 2013, developers and IT departments were rolling out their own self-service shadow IT projects, and the bypassing of organisational security requirements. In 2016, we are seeing in 2016 is that the cloud may be effectively aligned with executive strategies to maximise shareholder value.
The original article published by Computer Weekly: CSA outlines CIOs’ top 12 cloud security concerns.