Helping to define and examine the top perceived cloud security threats of the day, the ‘Egregious Eleven’ is the most recent iteration in an evolving set of summary reports published by the Cloud Security Alliance (CSA). It follows on from the ‘Treacherous Twelve,’ which they defined for us in 2016, and the ‘Notorious Nine,’ which they presented in 2013.

The ‘Egregious Eleven’ list marks an interesting shift of emphasis: most of the threats it now describes can be viewed as more truly and intrinsically native to the shared, on-demand nature of cloud computing itself, in comparison to some of the more traditional infrastructure and information security threats ‘also applicable to cloud’ discussed in previous versions. Another notable and rather positive difference is that some of the items highlighted in prior reports that primarily relate to Cloud Service Providers (CSPs) now rate low enough in the survey responses to be omitted from the list altogether. Instead, more attention is paid to threats higher up the technology stack, including areas of configuration within the customer’s control.

Whilst some of the threats will hardly come across as ‘breaking news’ to security professionals, the guide is produced with the admirable intention of simply being a “call to action” for enhancing security awareness and improvement. It also succinctly provides us with a well-researched, structured and articulated summary of possible hazards with which to raise questions and discussion. Consumers and providers of cloud services alike can therefore benefit from risk-assessing and hopefully escaping some, or ideally all, of the egregious eleven:

1 – Data Breaches

Just as many aspects of cloud computing continue to advance and evolve with characteristic pace, it appears there are some constants when it comes to security which show no sign of abating