Cloud Security Alliance (CSA) has released a list of 11 cyber threats which the users of cloud computing were facing, identifying data breaches as the top threat to loom on cloud users.
CSA which earlier released a list of 12 cyber threats in 2016, now says that insecure APIs, account hijacking, insider threats, and poor identity management are still occupying a significant place in its newly compiled list of highly qualified threats.
Keeping aside the rest, let’s discuss in brief about the newly identified threats recognized by CSA.
Misconfiguration and derisory change control- It’s no wonder that misconfiguration of cloud platforms has occupied a place in the cyber threat list. Especially after Amazon and Azure storage buckets are found leaking data to hackers unknowingly.
Failures in Meta-structuring and application structuring- Here the list wants to highlight the threat lurking in the application programming interface where customers are allowed to extract info about security protections and operations in the cloud. For instance, log in and audit report extracts. Here Cloud Service Providers (CSPs) should understand what to provide to their customers, who thereafter must wisely act while using the controls.
Monitoring data flow- CSA has concluded that most cloud services providers fail to create awareness among their users that they need to adhere to certain practices which keep a tab on the data flow going into the cloud. The alliance states that this trajectory might offer a vulnerability to hackers who can exploit it at some point of time after its detection.
Cloud usage visibility getting limited- When users start taking decisions to buy cloud apps on their own, this creates a conducive environment for shadow IT where security is thrown to air which can lead to serious repercussions.
Scarcity for a proper cloud security architecture and strategy- There is a misconception prevailing among cloud users that the CSP will be responsible for the entire security after they sign an SLA. But here, they should understand the fact that the entire process happens to be a shared responsibility of the CSP and the user and is not wholly based on the user.
Note- the interesting fact about the list of new cyber threats is that it has increasingly focused on mistakes committed by administrators rather than infiltrating hackers and other security issues. So, we can conclude that as the cloud computing world is maturing, the threat landscape is also maturing on a gradual note.