Cybersecurity Professionals Identify Top Cloud Computing Security Risks

June 15, 2022 - The Cloud Security Alliance (CSA) released this year’s “Top Threats to Cloud Computing” report, outlining the most prevalent security concerns that trouble cybersecurity experts today. Researchers observed an apparent shift in perceptions of cloud security responsibilities from the cloud service provider (CSP) to the cloud adopter.  

Some of the most traditional cloud security concerns, such as denial-of-service, CSP data loss, and shared technology vulnerabilities, were rated significantly lower than in years past.

“New, highly rated items in the survey point to cloud adopters as the weak links,” the report noted.

CSA found that many of the top concerns were “directly in the user’s control: identity and access management, cryptography, configuration management, poor coding practices and ignoring cloud direction.”

The CSA Top Threats Working Group surveyed over 700 cybersecurity professionals and identified 11 top threats to cloud security, ranked in order of significance:

• Insufficient Identity, Credentials, Access, and Key Management
• Insecure Interfaces and APIs
• Misconfiguration and Inadequate Change Control
• Lack of Cloud Security Architecture and Strategy
• Insecure Software Development 6. Unsecured Third-Party Resources
• System Vulnerabilities
• Accidental Cloud Data Disclosure
• Misconfiguration and Exploitation of Serverless and Container Workloads
• Organized Crime/Hackers/APT
• Cloud Storage Data Exfiltration

Cloud computing technologies have experienced tremendous growth within healthcare in recent years due to their scalability. Many healthcare organizations have embraced public, private, hybrid, or multi-cloud architectures.

According to Vantage Market Research, the healthcare cloud computing market is expected to reach $128.19 billion by 2028, growing at a CAGR of 18.74 percent from 2021 to 2028. As healthcare organizations continue to adopt cloud technologies, it is important to take security considerations into account and recognize the need for shared security responsibility between CSPs and adopters.

CSA identified the top cloud computing security challenge as “insufficient identity, credential, access, and key management.”

“Identity, credential, access management systems include tools and policies that allow organizations to manage, monitor, and secure access to valuable resources. Examples may include electronic files, computer systems, and physical resources, such as server rooms or buildings,” CSA explained.

This issue falls under the cloud adopter’s responsibilities. CSA recommended that users prioritize proper maintenance and use a clear risk assignment model.

Insecure APIs were also a big concern among respondents, largely due to the rapid adoption of APIs across various industries. Oversights in API usage can include excessive permissions, unauthenticated endpoints, and disabled logging or monitoring.

This security challenge is especially relevant for healthcare, as the industry is increasingly using APIs to aid in interoperability efforts.

A lack of cloud security strategy and architecture were also contributing to security risks, respondents indicated. Cloud adopters should ensure that they have the infrastructure and strategies needed to securely implement cloud technologies prior to initiating implementation.

“The absence of a cloud security strategy and architecture limits the viability for effective and efficient enterprise and infrastructure security architecture to be implemented,” the report explained.

“Without these security/compliance goals will fail to be met, resulting in fines and breaches, or doing so will be costly due to implementing workarounds, refactoring and migrating.”

Security issues like ransomware were frequently attributed to cloud providers in the past, but 2022’s top cloud security risks seemed to demonstrate an increased trust in CSPs and the need for more security ownership and awareness by the cloud adopters themselves.

“The cloud itself is less of a concern, so now we focus more on the implementation of the cloud technologies,” CSA concluded.