CSA Names 2024’s Top Cloud Computing Threats: Do You Agree?

The Cloud Security Alliance has released its latest assessment of the dangers facing cloud service providers and other cloud-centric channel partners. See if you concur with the findings.

Kelly Teal, Contributing Editor

August 7, 2024

4 Min Read
Top Cloud computing threats, per Cloud Security Alliance
Gustavo Frazao/Shutterstock

Misconfiguration and inadequate change control stands out as the top cloud computing threat in 2024. 

That’s according to the latest report from the Cloud Security Alliance. 

Unveiled this week, "Top Threats to Cloud Computing 2024" pinpoints and discusses the 11 key dangers cloud service providers have to juggle. This year, misconfiguration/change control has taken the No. 1 spot, compared to identity and access management (IAM), which dominated the CSA’s previous findings in 2022.

Still, IAM remains an issue. It sits in second place as a major cloud computing threat. Two years ago, however, insecure interfaces and APIs held that position; it has moved into third place for 2024.

In order of risk, here are the rest of the cloud computing threats facing CSPs this year, per the CSA, and their 2022 rankings, as applicable, in parentheses:

  • No. 4: Inadequate selection/implementation of cloud security strategy (#4)

  • No. 5: Insecure third-party resources (#6)

  • No. 6: Insecure software development ((#5)

  • No. 7: Accidental cloud disclosure (#8)

  • No. 8: System vulnerabilities (#7)

  • No. 9: Limited cloud visibility/observability (n/a)

  • No. 10: Unauthenticated resource sharing (n/a)

  • No. 11: Advanced persistent threats (#10)

Traditional cloud security matters, especially the kind typically associated with CSPs, have decreased in importance, the CSA further found. As such, the group excluded concerns including denial-of-service attacks, share technology vulnerabilities and CSP data loss from this year’s report.

With those particular challenges off the list, then, the current roster of top cloud computing threats could look static. But don’t be fooled, the CSA said.

CSA's Michael Roza

“It’s tempting to think that the reason the same issues have remained in the top spots since the report was last issued stems from a lack of progress in securing these features,” said Michael Roza, co-chair of the CSA’s Top Threats Working Group, and one of the paper’s lead authors. “The larger picture, however, speaks to the importance placed on these vulnerabilities by organizations and the degrees to which they are working to build ever more secure and resilient cloud environments.”

But Wait, More Cloud Computing Threats Sit on the Horizon

Meanwhile, CSPs and other cloud channel partners should be aware of some key trends that CSA says are likely to shape the future of cloud computing (and, we infer, present new cloud computing threats). Those include the following four areas:

  • Increased attack sophistication. Attackers will continue to develop more sophisticated techniques, including through the use of AI, to exploit vulnerabilities in cloud environments. These new approaches will require CSPs and other channel partners to assume “a proactive security posture with continuous monitoring and threat-hunting capabilities,” as the CSA put it in its report.

  • Supply chain risk. The growing complexity of cloud ecosystems will increase the attack surface for supply chain vulnerabilities, the CSA said. Organizations will need to extend security measures to their vendors and partners. From the Channel Futures perspective, this also serves as another opportunity for partners to offer unique services — whether that’s consulting, unique intellectual property, third-party capabilities or something more — to their cloud computing end users. 

  • Evolving regulatory landscape. Regulatory bodies around the world likely will implement stricter data privacy and security regulations, the CSA found. This will, of course, require organizations to adapt their cloud security practices. Government intervention remains an ongoing, ever-changing beast and Channel Futures sees opportunity for partners to guide clients, expanding their consultancy practices.

  • The rise of ransomware as a service (RaaS). RaaS will make it easier for unskilled actors to launch sophisticated attacks against cloud environments. In other words, hacks and breaches are moving out of the sole domain of organized international groups and into the hands of anyone who wants to wreak havoc. End users will need robust data backup and recovery solutions alongside strong access controls, the CSA said. Channel Futures takes that to mean partners should consider this aspect of security as a key part of their cloud computing portfolios and expertise.

Sean Heide, technical research director for the CSA, agreed.

“Given the ever-evolving cybersecurity landscape, it’s difficult for companies to stay ahead of the curve and mitigate their financial and reputational risks. By bringing attention to those threats, vulnerabilities and risks that are top-of-mind across the industry, organizations can better focus their resources.”

Founded in 2008, the CSA defines standards, certifications and best practices around cloud computing, including how to address top cloud computing threats.

Read more about:

VARs/SIsMSPs

About the Author

Kelly Teal

Contributing Editor, Channel Futures

Kelly Teal has more than 20 years’ experience as a journalist, editor and analyst, with longtime expertise in the indirect channel. She worked on the Channel Partners magazine staff for 11 years. Kelly now is principal of Kreativ Energy LLC.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like