Grounded in the Cloud
cancel
Showing results for 
Search instead for 
Did you mean: 

Cloud Security Threats - What do we need to worry about?

SimonLeech

This is the first blog in a series of 5 looking at some specific cloud security threats identified by the Cloud Security Alliance. The other articles in the series can be accessed by searching the blog for the tag cloudsecthreats.

Much of the research into the most common barriers to cloud adoption in the enterprise focus around the security challenges – indeed the recent 451 Research ‘Voice of the Enterprise: Cloud Computing’ study highlighted security, compliancy, and data sovereignty as the top three concerns of IT executives considering moving to the cloud.

We’ve written a number of blogs over the past few months on the HPE Helion strategy for hybrid cloud security, but these have focused on the security controls that can be used to ‘protect’ the enterprise cloud. But what are we actually protecting the cloud from? What are the threats that cloud customers experience out there in the big bad world of cyber attacks?

Recently, HPE Security - Data Security sponsored a report from the Cloud Security Alliance entitled ‘The Treacherous 12 – Cloud Computing Top Threats in 2016’. The report is downloadable here and gives a very complete overview of the situation based upon a study carried out across enterprise customers around the world.

Treacherous12.png

As can be seen from the graphic, many of these threats are also present in the traditional data center environment – threats like data breaches, system vulnerabilities, or malicious insiders will continue to exist regardless of where the data is stored and processed. The difference from a cloud perspective of course is the increase in accessibility to the data – we can no longer rely on the perimeter firewall to create a crunchy shell around the organization, and instead we need to focus on cloud and virtualization-ready methods of infrastructure protection, or work with CSPs who offer those services - but that is a discussion for another time.

What I wanted to highlight here is a couple of the threats on the list that are fairly unique or extra relevant to a cloud environment, and worth looking at in a bit more detail – (2) Insufficient Identity, Credential, and Access Management, (3) Insecure Interfaces and APIs, (9) Insufficient Due Diligence, and (10) Abuse and Nefarious Use of Cloud Services. I will be discussing each of these in some more detail over my next couple of blog posts, but until then I encourage you all to download the latest report.

  • HPE Cloud
0 Kudos
About the Author

SimonLeech

Simon Leech is a Certified Information Systems Security Professional with a specialisation in Security Architecture (CISSP-ISSAP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified in Cloud Security Knowledge (CCSK) and Chief Technologist Security within the Hewlett Packard Enterprise EMEA Hybrid IT Team. Within Hewlett Packard Enterprise, Mr Leech is responsible for influencing and evangelising the security strategy of the Hybrid IT team. Simon is active on Twitter as @DigitalHeMan

Events
28-30 November
Madrid, Spain
Discover 2017 Madrid
Join us for Hewlett Packard Enterprise Discover 2017 Madrid, taking place 28-30 November at the Feria de Madrid Convention Center
Read more
See posts for dates
Online
HPE Webinars - 2017
Find out about this year's live broadcasts and on-demand webinars.
Read more
View all