Top Threats to Cloud Computing?

When is a threat not a threat? The answer is when it’s selected by someone who does not understand the correct terminology. 
In fact this happens a lot when you ask ordinary business managers to name their top risks. Instead of a list of risks, you often get a bunch of issues, problems or subject areas: things like ‘compliance’ or ‘privacy’. But a risk is an event, not a subject area; something for which we can assign a probability of occurrence within a specific period.
You don’t expect to see this type of sloppy analysis coming from a collection of leading security experts, especially one that is aiming to teach the rest of us how to go about security. So I was surprised to find that the ‘Top Threats to Cloud Computing’ just published by the Cloud Security Alliance contains little about specific threats, but plenty of waffle about general IT security problem areas.
Some of the threats are vulnerabilities, such as ‘Insecure Application Programming Interfaces’ or ‘Shared Technology Vulnerabilities’. One of them, ‘Unknown Risk Profile’, is not a risk at all but the absence of a risk assessment. The rest are too general to be of any use, such as ‘Malicious Insiders’, ‘Data Loss or Leakage’ and ‘Abuse and Nefarious Use of Cloud Computing’.
This paper can be largely summed up in one sentence: “Cloud Computing presents the same risks of fraud and data breaches as any large, outsourced critical business service. You need to follow good security practices.” Unfortunately, such concise wisdom would not come across as a major advance in the state of the art.