Top threats to cloud computing

I just came across the Cloud Security Alliance's Top Threats to Cloud Computing white paper. Here's their list of the top threats:

  1. Abuse and nefarious use of cloud computing
  2. Insecure interfaces and APIs
  3. Malicious insiders
  4. Shared technology issues
  5. Data loss or leakage
  6. Account or service hijacking
  7. Unknown risk profile

The CSA says that these are not ranked in order of severity. That's good. Here's a snapshot of the cloud security incidents that cloutage.org has information on, and it looks like availability is actually the most pressing cloud security issue right now.

Cloutage 
But because the way that cloutage.org is categorizing their data doesn't seem to align very well with the top threats that the CSA has identified, we may never actually be able to validate that these threats are actually the most significant ones.

If I had to guess, I'd say that "data loss or leakage" is the most critical of the threats that CSA has identified. That's based on the apparent widespread availability issues that cloud computing is still facing.

And I'd say that "abuse and nefarious use of cloud computing" is probably the least critical of the CSA's threats. As I've mentioned before, the possibility of hackers using cloud computing to do things like cracking passwords or cryptographic keys is probably greatly over-hyped, and I don't really foresee hackers being able to do much with cloud computing that they couldn't do otherwise. But if someone has examples of things that hackers could do with cloud computing that they couldn't do otherwise, I'd love to hear about them.

Leave a Reply

Your email address will not be published. Required fields are marked *