CSA: Top Threats to Cloud Computing: Deep Dive
Case study that attempts to connect the dots when it comes to risk management and cloud computing by providing a more technical detail dealing with architecture, compliance, risk and mitigation for each of the cloud computing threats and vulnerabilities identified.
The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, released a case study "Top Threats to Cloud Computing: Deep Dive" in an attempt to provide more technical details dealing with the architecture, compliance, risk, and mitigations for each threats and vulnerabilities identified in the Treacherous 12: Top Threats to Cloud Computing (2016).
Each of the examples are presented as both a reference chart and detailed narrative. The reference chart’s format offers an attack-style synopsis of the actor, spanning from threats and vulnerabilities to associated controls and mitigations. The longer-form narratives provide additional context (such as how an incident came to pass or how it should be dealt with). For cases where details—such as impacts or mitigations—were not discussed publicly, the working group extrapolated to include expected outcomes and possibilities.
The paper goes on to outline recommended Cloud Controls Matrix (CCM) domains, sorted according to how often controls within the domains are relevant as a mitigating control. [Mitigations and controls applicable to the nine case studies cover 13 of the 16 Cloud Controls Matrix (CCM) domains.]