Cloud Security Alliance (CSA), a leading non-profit organization that promotes cloud security, has recently released a report that provides an in-depth analysis of their last year publication – The Egregious 11: Top Threats to Cloud Computing. In the detailed study, Top Threats to Cloud Computing: Egregious 11 Deep Dive, CSA has cited the security threats faced by organizations by giving examples of nine recent breaches and cyber-attacks incidents. The reference chart presented in the report states complete details of the threats and how organizations overcame it.
By giving the details of nine actual attacks on leading enterprises, the report aims to showcase the cloud security risks and the need to make informed decisions regarding cloud adoption. “These anecdotes will let cybersecurity managers better communicate with executives and peers in addition to providing context for discussions with technical staff and offers in-depth detail for implementing mitigations and countermeasures from a security analysis standpoint,” said Jon-Micheal C. Brook, CISSP, CCSK, chair, Top Threats Working Group and one of the paper’s lead authors.
“These case studies identify where and how CSA Top Threats fit in a greater security analysis while providing a clear understanding of how lessons and mitigation concepts can be applied in real-world scenarios,” said John Yeoh, Global Vice President of Research, Cloud Security Alliance.
All the nine examples presented in the report give an attack-style synopsis of the security breach. It provides the complete picture, from the attack details to the technical and business impact as well as the mitigations and key takeaways. Furthermore, the details are presented in a compact form in the reference chart. Here is an example of a reference chart as illustrated for one of the leading video-on-demand streaming services, Disney+
The cloud computing model has transformed enterprises’ way of conducting business and the way IT departments work and delivers value. However, it also comes with security risks and issues. As Jon-Michael states in the report, the analysis aims to encourage engineers and architects to comprehend these cyber-attacks and present it as a starting point for their own analysis. Furthermore, the incidents’ narrative gives an additional context of the incident and how they should be dealt with. “The CSA Top Threats Working Group aims to provide organizations with an up-to-date, expert-informed understanding of cloud security risks, threats and vulnerabilities in order to make educated risk-management decisions regarding cloud adoption strategies.”