Developer-Centric Threat Modeling
SD Elements
Research
Upcoming Events
Resources
Over the last decade, cloud computing has taken organizations by storm — most of them are moving their applications to the cloud. The benefits of cloud migration are clear, some want to scale up fast while others are migrating to reduce the cost of maintaining an in-house infrastructure. For smaller, high-growth organizations, cloud offers enterprise-class technology while staying nimble.
But cloud services expose organizations to new vulnerabilities because of the increased attack surface. It is also important to note that when organizations select a cloud service provider, they work under a “shared responsibility model” for application development. This means it is ultimately an organization’s responsibility to protect their data in the cloud environment.
The European Network and Information Security Agency (ENISA) publication lists almost two dozen discrete cloud security risks across policy and organizational, technical, and legal categories.
Considering all the risks associated with cloud computing before making the move can prevent security breaches later. These breaches are not only expensive in terms of the remediation costs involved but can also severely damage an organization’s reputation.
In fact, the fear of breaches is quite high as evident from a survey by Cybersecurity Insider where 29 percent of the responders said that data security, loss, and leakage risks are holding them from cloud adoption while 28 percent are concerned about general security risks.
In this white paper, we will talk about some of these risks ranked as “very high” and “high” by ENISA, along with recommendations to prevent these that you can use in your cloud migration strategy. We have also included a few recommendations for risk mitigation from the Cloud Security Alliance’s (CSA) Security Guidance document.