Whitepaper: Cloud Insecurity and True Accountability
At the end of 2013, the Cloud Security Alliance (CSA) published its annual report on “The Notorious Nine: Cloud Computing’s Top Threats in 2013” and the shift from “server to service-based thinking”.
Among the top threats outlined in the report include data breaches, data loss, account or service hijacking, insecure interfaces and APIs, denial of service, malicious insiders, abuse of cloud services, insufficient due diligence, and shared technology vulnerabilities. Quite a list.
Today, CIO’s should make the assumption that any outsourced infrastructure will at some point be compromised, if not already. You can’t outsource trust with the complexities offered today or with the people operating those resources on your behalf.
Also it’s reasonable to assume your own infrastructure is already compromised or soon will be in the (near) future. The more important and valuable your intangible assets are (your intellectual property, customer and supplier base, etc), the more likely you are to be compromised.
In a paper authored by Matthew Johnson, Guardtime’s CTO, he discusses how to mitigate the threats with the above foundational assumptions, addressing some of the Top Threats, outlined by the CSA’s Top Threat’s Working Group (as surveyed by largely unnamed industry experts from the cloud industry) with a focus on truth, not trust and transparent accountability of the service provider industry.
We believe this is a critical read for all CIO-s out there. Download the whitepaper.