Human Factor Moves to No. 1 Cloud Threat in Cloud Security Alliance Report

The top cybersecurity threat in the cloud has changed from a couple years ago, according to a new report from the Cloud Security Alliance (CSA), which provided handy mitigation strategies and suggested AI can help (or hurt).

CSA recently published its Top Threats to Cloud Computing 2024 with data that is most interesting when compared to a similar 2022 report.

Comparing the two shows a familiar culprit has attained top-threat status: people. Specifically, in 2024 Misconfiguration & Inadequate Change Control has overtaken Identity & Access Management (IAM).

Top Threats Compared
[Click on image for larger view.] Top Threats Compared (source: CSA).

"Traditional cloud security issues often associated with cloud service providers are continuing to decrease in importance," a spokesperson told Virtualization & Cloud Review. "These findings continue the trajectory first seen in the 2022 report, along with the fact that threats such the persistent nature of misconfigurations, Identity and Access Management (IAM) weaknesses, insecure application programming interfaces (APIs), and the lack of a comprehensive security strategy continue to rank high, highlighting their ongoing critical nature."

A Problem That Persists

This finding is nothing new, as a Thales report recently reached the same conclusion, along with several other similar studies (see "Cloud Security: Despite All the Tech, It's Still a People Problem").

"Human action can compromise security," said Thales in a cloud security report last month, the fourth in a series from the global technology company. "Fueling this concern is the high number of cloud data breaches, with 44 percent of respondents reporting such an incident. 14 percent reported a breach in the past 12 months. Human error, issues with vulnerability and configuration management, and failures to use Multi-Factor Authentication (MFA) are all cited as leading contributors."

Causes of Breaches
[Click on image for larger view.] Causes of Breaches (source: Thales).

Yet other reports from earlier in the year sported similar themes (see Misconfigurations Continue to Plague Cloud Security, New Reports Say").

At that time, a CSA chart showed security misconfigurations as the No. 2 contributor to outages, below cloud provider issues.

Several of the top contributors can be tied back to human error or misconfiguration
[Click on image for larger view.] "Several of the top contributors can be tied back to human error or misconfiguration" (source: CSA).

This has been an ongoing, high-profile problem for years, and despite all the publicity and mitigation advice it shows no signs of being lessening.


Featured