Cloud security remains a top concern for many companies, especially when business units acquire cloud services independent of the IT department. To help illustrate the problems such practices can create, the Cloud Security Alliance (CSA) has compiled its list of “The Treacherous 12: Cloud Computing Top Threats in 2016.”

“The 2016 Top Threats release mirrors the shifting ramifications of poor cloud computing security decisions up through the managerial ranks,” the CSA report said. “Instead of being an IT issue, it is now a boardroom issue. The reasons may lie with the maturation of cloud, but more importantly, most likely from higher strategic decisions by executives in their cloud adoption strategic decisions.”

Top Cloud Security Related Threats of 2016

That CSA report listed the following treacherous threats:

Data breaches

Weak identity, credential, and access management

Insecure interfaces and APIs

System and application vulnerability

Account hijacking

Malicious insiders

Advanced persistent threats (APTs)

Data loss

Insufficient due diligence

Abuse and nefarious use of cloud services

Denial of service

Shared technology issues



About 6 months into 2016, the Gartner Group organized a list of Security Predictions for 2016, meant to help companies better prepare for these known threats as well as for new threats to enterprise information security anticipated over the next two to four years.

At a 2016 Gartner Security & Risk Summit, Earl Perkins, research vice president at Gartner, presented the following top Strategic Planning Assumptions (SPAs) for security in the next two to four years.

  1. Through 2020, 99% of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year.
  2. By 2020, a third of successful attacks experienced by enterprises will be on their shadow IT resources.
  3. By 2018, the need to prevent data breaches from public clouds will drive 20% of organizations to develop data security governance programs.
  4. By 2020, 40% of enterprises engaged in DevOps will secure developed applications by adopting application security self-testing, self-diagnosing and self-protection technologies.
  5. By 2020, 80% of new deals for cloud-based CASB will be packaged with network firewall, secure web gateway (SWG) and web application firewall (WAF) platforms.
  6. By 2018, enterprises that leverage native mobile containment rather than third-party options will rise from 20% to 60%.
  7. By 2019, 40% of IDaaS implementations will replace on-premises IAM implementations, up from 10% today.
  8. By 2019, use of passwords and tokens in medium-risk use cases will drop 55%, due to the introduction of recognition technologies.
  9. Through 2018, over 50% of IoT device manufacturers will not be able to address threats from weak authentication practices.
  10. By 2020, more than 25% of identified enterprise attacks will involve IoT, though IoT will account for only 10% of IT security budgets.

Read more about the full CSA “Treacherous Twelve Cloud Computing Top Threats in 2016” report (Registration Required)

Read more details about recommended actions to take with each “Strategic Planning Assumptions” from the Gartner Group

If applicable, please pass this information along to the information security professionals in your organization. Thank you.

By: Ben J. Carnevale, Managing Editor
