
Cloud Security Threats - What do we need to worry about?

SimonLeech

This is the first blog in a series of 5 looking at some specific cloud security threats identified by the Cloud Security Alliance. The other articles in the series can be accessed by searching the blog for the tag cloudsecthreats.

Much of the research into the most common barriers to cloud adoption in the enterprise focuses on security challenges – indeed, the recent 451 Research ‘Voice of the Enterprise: Cloud Computing’ study highlighted security, compliance, and data sovereignty as the top three concerns of IT executives considering moving to the cloud.

We’ve written a number of blogs over the past few months on the HPE Helion strategy for hybrid cloud security, but these have focused on the security controls that can be used to ‘protect’ the enterprise cloud. But what are we actually protecting the cloud from? What are the threats that cloud customers experience out there in the big bad world of cyber attacks?

Recently, HPE Security - Data Security sponsored a report from the Cloud Security Alliance entitled ‘The Treacherous 12 – Cloud Computing Top Threats in 2016’. The report is downloadable here and gives a very complete overview of the situation based upon a study carried out across enterprise customers around the world.

Treacherous12.png

As can be seen from the graphic, many of these threats are also present in the traditional data center environment – threats like data breaches, system vulnerabilities, or malicious insiders will continue to exist regardless of where the data is stored and processed. The difference from a cloud perspective, of course, is the increased accessibility of the data. We can no longer rely on the perimeter firewall to create a crunchy shell around the organization; instead we need to focus on cloud and virtualization-ready methods of infrastructure protection, or work with CSPs who offer those services. But that is a discussion for another time.

What I want to highlight here are a few of the threats on the list that are fairly unique or extra relevant to a cloud environment, and worth looking at in a bit more detail: (2) Insufficient Identity, Credential, and Access Management, (3) Insecure Interfaces and APIs, (9) Insufficient Due Diligence, and (10) Abuse and Nefarious Use of Cloud Services. I will be discussing each of these in more detail over my next couple of blog posts, but until then I encourage you all to download the latest report.

About the Author

SimonLeech

Simon Leech is a Certified Information Systems Security Professional with a specialisation in Security Architecture (CISSP-ISSAP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), and Certified in Cloud Security Knowledge (CCSK), and works in the Worldwide Security Center of Excellence within HPE Pointnext Advisory and Professional Services. Simon is active on Twitter as @DigitalHeMan.
