GovDefenders Wednesdays | Cloud Security Alliance Warns Providers Of ‘The Notorious Nine’ Cloud Computing Top Threats In 2013
The Cloud Security Alliance (CSA) Top Threats Working Group today released The Notorious Nine: Cloud Computing Top Threats in 2013, a revised report that aims to give organizations an up-to-date, expert-informed understanding of cloud security threats so they can make educated risk-management decisions regarding cloud adoption strategies.
The report focuses on threats specifically related to the shared, on-demand nature of cloud computing. With descriptions and analyses, the report serves as an up-to-date threat identification guide that will help cloud users and providers make informed decisions about risk mitigation within a cloud strategy.
To identify the top threats, CSA conducted a survey of industry experts to compile professional opinion on the greatest issues within cloud computing. The Top Threats Working Group used these survey results, alongside their expertise, to craft the final report, The Notorious Nine: Cloud Computing Top Threats in 2013. The survey methodology validated that the threat listing reflects the most current concerns of the industry.
In this most recent edition of the report, experts identified the following nine critical threats to cloud security:
- Data Breaches
- Data Loss
- Account Hijacking
- Insecure APIs
- Denial of Service
- Malicious Insiders
- Abuse and Nefarious Use
- Insufficient Due Diligence
- Shared Technology Issues
Over the next few weeks, we shall cover each area in detail.
Threat One: Data Breaches
A data breach is defined as a security incident in which sensitive, protected, or confidential data is copied, transmitted, viewed, stolen, or used by an unauthorized entity.
There are numerous consequences of a data breach. Organizations experiencing a data breach incur costs across the board. Other consequences include:
- Potential risk to National Security
- Potential misuse of Personally Identifiable Information (PII)
- Potential loss of company confidential information (Economic Espionage)
- Potential litigation
- Potential fines
- A decline in share value
- Loss of customers
Data breaches are a prevalent problem for most public sector organizations today. Yet, despite negative repercussions in terms of risks and impacts, many agencies cannot seem to prevent all data breaches, nor are they prepared to mitigate the risks after the inevitable breach does occur.
Agencies can significantly reduce the risks associated with data breaches by taking proactive steps to review and revise policies. Once a formal System Security Plan (SSP) is established, adhere to the SSP for any breach. A Formalized Incident Response (FIR) process is important for remediation, and Continuous Monitoring is vital for providing the feedback data required to revise policies.
Encryption is the single most effective way to avoid the negative business impact of data breaches. Encryption technology is cost-effective on a per-device basis. Also, encryption typically does not require much IT services time to install.
About Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within cloud computing, and to provide education on the uses of cloud computing to help secure all other forms of computing. The Cloud Security Alliance (CSA) is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. DLT’s Cloud Advisory Group (CAG) is an active contributor to CSA research efforts. The CAG is a member of the Washington DC Chapter of the CSA.
Interested in learning more about cybersecurity? The GovDefenders Virtual Event is a free online cybersecurity conference on April 24. Join us from your desk as experts from NetApp, Symantec, ForeScout, Red Hat, Quest Software, SolarWinds, and DLT Solutions discuss trends, best practices, and the future of public sector cybersecurity. Register today!