In the 1967 movie The Dirty Dozen, a gang of vicious criminals launches an infiltration and assault on a fortress. Today, your data and systems are similarly under attack – except these are not one-off assaults. The threats to security are real and are increasing in both frequency and sophistication. At this year’s RSA Conference in San Francisco – “Where the world talks security” – the Cloud Security Alliance (CSA) presented a research report titled The Treacherous Twelve, detailing the dozen most serious cloud security threats that face organisations in 2016. Established in 2009, the CSA is a not-for-profit industry organisation that focuses on cloud security research, best practice and education.


‘Cloud security is a boardroom issue’

The CSA list provides some real food for thought, wherever you are on your cloud journey. Indeed, the CSA’s executive VP of research commented: “At an unprecedented pace, cloud computing has simultaneously transformed business and government, and created new security challenges”, adding that the top threat list “mirrors the shifting ramifications of poor cloud computing decisions up through the managerial ranks. Instead of being an IT issue, cloud security is now a boardroom issue. The reasons may lie with the maturation of cloud, but more importantly, higher strategic decisions are being made by executives when it comes to cloud adoption.”

The risks are real. In addition, Gartner, Inc. has predicted that through to 2020, some 95% of cloud security failures will be the customer’s fault*. This prediction, in my mind, simply reflects the growing breadth, depth and complexity of cloud services now being provided and accessed, along with the constantly evolving threat landscape – and underlines the need for reliable cloud access security brokers (CASB) as well as automation in how cloud security is tackled. Anyway, here’s ‘The Dirty Dozen’:


The CSA’s top 12 cloud security threats in 2016

  • Threat 1: Data Breaches
  • Threat 2: Weak Identity, Credential and Access Management
  • Threat 3: Insecure APIs
  • Threat 4: System and Application Vulnerabilities
  • Threat 5: Account Hijacking
  • Threat 6: Malicious Insiders
  • Threat 7: Advanced Persistent Threats (APTs)
  • Threat 8: Data Loss
  • Threat 9: Insufficient Due Diligence
  • Threat 10: Abuse and Nefarious Use of Cloud Services
  • Threat 11: Denial-of-Service (DoS)
  • Threat 12: Shared Technology Issues

None of these should come as a huge surprise, of course. And a leading-edge CASB should have a position and a solution for all of these areas: from focused fit-for-purpose cloud security and identity access solutions that can be implemented fast, to providing advice, guidance and best practice across the board – from the strongest data loss prevention (DLP) strategies to advising on due diligence. It’s worth asking yourself: how well-placed is your organisation to respond, right now, if The Dirty Dozen came knocking at your door, all guns blazing? Because if they haven’t come looking for you already, it’s only a matter of time.

* Source: Gartner Symposium/ITxpo 2015 October 4-8 – “Gartner Reveals Top Predictions for IT Organizations and Users for 2016 and Beyond”