Shifting to Software-Defined
Showing results for 
Search instead for 
Did you mean: 

Cloud Security Threats - What do we need to worry about?


This is the first blog in a series of 5 looking at some specific cloud security threats identified by the Cloud Security Alliance. The other articles in the series can be accessed by searching the blog for the tag cloudsecthreats.

Much of the research into the most common barriers to cloud adoption in the enterprise focus around the security challenges – indeed the recent 451 Research ‘Voice of the Enterprise: Cloud Computing’ study highlighted security, compliancy, and data sovereignty as the top three concerns of IT executives considering moving to the cloud.

We’ve written a number of blogs over the past few months on the HPE Helion strategy for hybrid cloud security, but these have focused on the security controls that can be used to ‘protect’ the enterprise cloud. But what are we actually protecting the cloud from? What are the threats that cloud customers experience out there in the big bad world of cyber attacks?

Recently, HPE Security - Data Security sponsored a report from the Cloud Security Alliance entitled ‘The Treacherous 12 – Cloud Computing Top Threats in 2016’. The report is downloadable here and gives a very complete overview of the situation based upon a study carried out across enterprise customers around the world.


As can be seen from the graphic, many of these threats are also present in the traditional data center environment – threats like data breaches, system vulnerabilities, or malicious insiders will continue to exist regardless of where the data is stored and processed. The difference from a cloud perspective of course is the increase in accessibility to the data – we can no longer rely on the perimeter firewall to create a crunchy shell around the organization, and instead we need to focus on cloud and virtualization-ready methods of infrastructure protection, or work with CSPs who offer those services - but that is a discussion for another time.

What I wanted to highlight here is a couple of the threats on the list that are fairly unique or extra relevant to a cloud environment, and worth looking at in a bit more detail – (2) Insufficient Identity, Credential, and Access Management, (3) Insecure Interfaces and APIs, (9) Insufficient Due Diligence, and (10) Abuse and Nefarious Use of Cloud Services. I will be discussing each of these in some more detail over my next couple of blog posts, but until then I encourage you all to download the latest report.

0 Kudos
About the Author


Simon Leech is a Certified Information Systems Security Professional with a specialisation in Security Architecture (CISSP-ISSAP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified in Cloud Security Knowledge (CCSK) and working in the Worldwide Security Center of Excellence within HPE Pointnext Advisory and Professional Services. Simon is active on Twitter as @DigitalHeMan

June 5-6, 2018
Expert Days - 2018
Visit this forum and get the schedules for online HPE Expert Days where you can talk to HPE product experts, R&D and support team members and get answ...
Read more
June 19 - 21
Las Vegas, NV
HPE Discover 2018 Las Vegas
Visit this forum and learn about all things Discover 2018 in Las Vegas, Nevada, June 19 - 21, 2018.
Read more
View all