The Cloud Security Alliance (CSA) identified its dirty dozen cloud security threats “to provide organizations with an up-to-date, expert-informed understanding of cloud security concerns in order to make educated risk management decisions regarding cloud adoption strategies.” The February 2016 CSA report, entitled “The Treacherous 12 Cloud Computing Top Threats in 2016,” was released at the RSA Conference. It observed that a “…malicious insider, such as a system administrator, can access potentially sensitive information” and used the following definition of “insider threat” from CERN:
A malicious insider threat to an organization is a current or former employee, contractor, or other business partner who has or had authorized access to an organization’s network, system, or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization’s information or information systems.
Cloud users should monitor all of CSA’s “Treacherous 12” threats, not just malicious insiders:
- Data Breaches
- Weak Identity, Credential and Access Management
- Insecure APIs
- System and Application Vulnerabilities
- Account Hijacking
- Malicious Insiders
- Advanced Persistent Threats (APTs)
- Data Loss
- Insufficient Due Diligence
- Abuse and Nefarious Use of Cloud Services
- Denial of Service
- Shared Technology Issues
There is little doubt that all 12 cyber risks will grow to endanger the cloud.