CLOUD SECURITY ALLIANCE The Treacherous 12 - Top Threats to Cloud Computing + Industry Insights The permanent and official location for Cloud Security Alliance Top Threats research is https://cloudsecurityalliance.org/group/top-threats/ © 2017 Cloud Security Alliance – All Rights Reserved All rights reserved. You may download, store, display on your computer, view, print, and link to The Treacherous 12 - Cloud Computing Top Threats in 2016 at https://cloudsecurityalliance.org/download/the-treacherous-twelvecloud-computing-top-threats-in-2016/, subject to the following: (a) the Report may be used solely for your personal, informational, non-commercial use; (b) the Report may not be modified or altered in any way; (c) the Report may not be redistributed; and (d) the trademark, copyright or other notices may not be removed. You may quote portions of the Report as permitted by the Fair Use provisions of the United States Copyright Act, provided that you attribute the portions to The Treacherous 12 - Cloud Computing Top Threats in 2016. © 2017, Cloud Security Alliance. All right reserved. 1 CLOUD SECURITY ALLIANCE The Treacherous 12 - Top Threats to Cloud Computing + Industry Insights Contents Acknowledgments................................................................................................................................................. 5 Executive Summary............................................................................................................................................... 6 Methodology............................................................................................................................................................. 8 1. Data Breaches............................................................................................................................................. 9 2. Insufficient Identity, Credential and Access Management..................................................... 12 3. Insecure Interfaces and APIs.............................................................................................................. 15 4. System Vulnerabilities.......................................................................................................................... 17 5. Account Hijacking.................................................................................................................................. 19 6. Malicious Insiders................................................................................................................................... 21 7. Advanced Persistent Threats............................................................................................................... 23 8. Data Loss.................................................................................................................................................... 25 9. Insufficient Due Diligence................................................................................................................... 27 10. Abuse and Nefarious Use of Cloud Services.................................................................................. 30 11. Denial of Service..................................................................................................................................... 32 12. Shared Technology Vulnerabilities................................................................................................... 34 © 2017, Cloud Security Alliance. All right reserved. 2 CLOUD SECURITY ALLIANCE The Treacherous 12 - Top Threats to Cloud Computing + Industry Insights 2017 Edition: Industry Insights Acknowledgments.............................................................................................................................................. 37 Executive Summary............................................................................................................................................ 38 . Box mismanagement of invite links Data Breaches.......................................................................................................................................... 39 Yahoo breach Data Breaches.......................................................................................................................................... 40 LinkedIn failure to salt passwords when hashing Insufficient Identity Credential Access Managem