The Cloud Security Alliance released a document listing the top nine threats to cloud computing: “The Notorious Nine”. The top nine threats are:
- Data breaches; an attacker may access your data
- Data loss; the loss may result from an attack, a technical problem or a catastrophe. The document wisely highlights the issue raised by encryption (used to protect against threat 1).
- Account hijacking
- Insecure APIs; this one is extremely important, especially for system designers. It is not necessarily unique to the cloud, but it is clearly exacerbated by a cloud infrastructure.
- Denial of service
- Malicious insiders
- Abuse of cloud services; using the cloud for nefarious actions such as password cracking. Well, every coin has two sides.
- Insufficient due diligence; jumping on the cloud bandwagon without enough preparation may be an issue. This is not specific to the cloud. It is true for any new paradigm. BYOD (Bring your own device) is a perfect illustration of such a problem.
- Shared technology vulnerability; as you share components and pieces of software, not necessarily with enough isolation, a single vulnerability may impact many players.
Each threat is described and illustrated by a real-world example of an attack. A risk matrix allows them to be compared.
This list was established by surveying industry experts. Unfortunately, the document does not give details about the number of surveyed experts, their locations, or their qualifications.
Good document to read.