SaaS Security nyheter oppdaterer deg om storyer. hendelser. trusler. råd og tips.

"There are known knowns. These are things we know that we know. There are known unknowns. That is to say, there are things that we know we don't know. But there are also unknown unknowns. There are things we don't know we don't know." Donald Rumsfeld, United States Secretary of Defense



Sikkerhetsnytt - CyberSecNews::

Hva skjer i markedet:::

Cloud Security Alliance med topp 11 cybersecurity rapport

Cloud Security Alliance med topp 11 cybersecurity rapport

Cloud Security Alliance has unveiled its Top Threats to Cloud Computing: Egregious Eleven report, which lists the top 11 cybersecurity problems facing cloud computing users. In this fourth installment, the CSA surveyed 241 industry experts on security issues in the cloud industry. It is the first major update to the list since 2016, when Alliance released the Treacherous 12. The Top Threats Working Group used the survey results along with its expertise to create the final 2019 report. These issues are inherently specific to the cloud and thus indicate a technology landscape where consumers are actively considering cloud migration.  The following issues are often the result of the shared, on-demand nature of cloud computing.

1. Data Breaches

2. Misconfiguration and Inadequate Change Control

3. Lack of Cloud Security Architecture and Strategy

4. Insufficient Identity, Credential, Access and Key Management

5. Account Hijacking

6. Insider Threat

7. Insecure Interfaces and APIs

8. Weak Control Plane

9. Metastructure and Applistructure Failures

10. Limited Cloud Usage Visibility

11. Abuse and Nefarious Use of Cloud Services

Data breaches top the list

We won’t be surprised to see that Data breaches still top the list, unmoved since 2016. It means that data breach is still the primary objective of a targeted attack or merely the result of human error, application vulnerabilities or inadequate security practices. A data breach involves any kind of information that was not intended for public release, including—but not limited to—personal health information, financial information, personally identifiable information (PII), trade secrets and intellectual property.

Insufficient Identity, Credential, Access and Key Management

Identity, credential, access management systems include tools and policies that allow organizations to manage, monitor, and secure access to valuable resources. Cloud computing introduces multiple changes to traditional internal system management practices related to identity and access management (IAM). The report stated that it isn’t that these are necessarily new issues. Rather, they are more significant issues when dealing with the cloud because cloud computing profoundly impacts identity, credential, and access management. In both public and private cloud settings, CSPs and cloud consumers are required to manage IAM without compromising security.

As a result, Insufficient Identity and access management, number 4 in the list of threats has actually grown up and this report suggests an interesting and somewhat new perspective on cloud security. This new outlook focuses on configuration and authentication, and shifts away from the traditional focus on information security (e.g., vulnerabilities and malware).

Live Article Widget