Cloud Computing – 2022 Top Threats – part 1
Mid-2022 The Cloud Security Alliance (CSA) conducted a survey on over 700 cloud security experts on that very topic – security in the cloud. The report showed that the COVID–19 pandemic has shifted the cloud security landscape, with the focus now being on end software teams as the weak links. Traditional cloud security issues such as denial of service, shared technology vulnerabilities, CSP data loss, and system vulnerabilities have been rated low enough to be excluded from the report, showing an apparent trust in the cloud. With the shift in focus, new highly-rated items in survey results point to cloud adopters as the weak links and no longer data breaches. Identity and access management, cryptography, configuration management, poor coding practices, and ignoring strategic cloud direction are now the top concerns, all of which are directly in the user’s control and require agile project management and DevOps to be addressed.
The result of this survey is the sixth issue in the Top Threats to Cloud Computing series called the Pandemic 11 identifying eleven topics considered as the most concerning to cloud security.
1. Insufficient ID, Credential, Access and Key Management, Privileged Accounts
2. Insecure Interfaces and APIs
3. Misconfiguration and Inadequate Change Control
4. Lack of Cloud Security Architecture and Strategy
5. Insecure Software Development
6. Unsecure Third-Party Resources
7. System Vulnerabilities
8. Accidental Cloud Data Disclosure
9. Misconfiguration & Exploitation of Serverless & Container Workloads
10. Organised Crime / Hackers / APT
11. Cloud Storage Data Exfiltration
Check our blog in the next few weeks to find out more details about these eleven cloud security challenges identified in 2022.