Progress is offering over 50 enterprise-grade UI components from Progress® KendoReact™, a React UI library for business application development, for free.
Leaders of the (Threat) Pack: Misconfigurations, IAM and Insecure APIs
September 23, 2024
It's likely you've heard of the Rat Pack. Decades later, along came the Brat Pack. And today, there's the Threat Pack. While they might not be making headlines on stage or on screen, this dubious group of leaders is making headlines in other ways, most recently as part of the Cloud Security Alliance's Top Threats to Cloud Computing 2024(link is external). This bi-annual survey, which polls enterprises and individuals on what they see as the greatest threat or risk to their cloud environment, encapsulates the most critical security issues that enterprises are currently facing in the cloud space.
This year's top threats included some familiar faces and a few new ones. And, while there have been a few shake ups, what's most interesting is that not too much has changed since we last asked the question in 2022. For the most part, many of the same threats made the list. What has changed is the order in which they appear. For example, Misconfiguration and Inadequate Change ControI moved up from third place in 2022 to the top spot this year. Identity and Access Management (IAM), meanwhile, took top billing two years ago, but moved down to second place this year, bumping Insecure Interfaces and APIs down to #3.
The fact that there has been movement is great, as it indicates progress in the industry while simultaneously demonstrating a growing trust in the cloud. Digging a little deeper, the fact that these issues have remained at or near the top of the list speaks strongly to the importance cloud practitioners place on addressing these risks when it comes to securing their cloud environments.
Given that, the top three threats should come as no surprise to anyone in the cloud space. As we are all too well aware, the issues that are the most challenging to address are those that stem from factors out of our control. Point in case are the updates vendors seem to push out on a frequent basis, each of which has a significant impact on how a cloud environment's backend works. Solving for this has been a long-running discussion, and one that's becoming even more complex as we move into the realm of artificial intelligence. Whereas previously the challenge centered on how to properly manage users, that same challenge still exists but with an added layer of how to best secure non-human identities(link is external).
The good news is that while challenges are mounting in one area, there is one sector where we seem to be improving — data exfiltration. This is a hugely important topic, but one that fell off the list of top threats this year. And while it's entirely possible that companies just aren't seeing a lot of attacks on their data, I think it's more likely that a stronger regulatory environment has been a key factor in pushing this down the list. The financial services and healthcare sectors — both of which are among the biggest users of cloud — have begun taking a much stronger stance when it comes to hardening data controls. The results are telling: Thanks to these enhanced regulations, companies are in a better position to prevent and mitigate these types of attacks.
Not to be discounted, the following threats rounded out our top 11 this year. Starting with #4, they are as follows (2022 ranking is shown where relevant):
4. Inadequate selection/Implementation of cloud security strategy (#4)
5. Insecure third-party resources (#6)
6. Insecure software development (#5)
7. Accidental cloud data disclosure (#8)
8. System vulnerabilities (#7)
9. Limited cloud visibility/Observability
10. Unauthenticated resource sharing
11. Advanced persistent threats (#10)
The survey also uncovered several themes that we think are likely to shape the future of cloud computing, specifically the increased sophistication of attacks, the ever-growing risk to the supply chain, the rise of Ransomware-as-a-Service, and finally, as mentioned above, an evolving regulatory landscape.
Whereas our list of top threats is by no means exhaustive, it does give a clear snapshot of the challenges companies are currently facing. Taking it a step further, it's our hope that it provides a framework companies can use to ensure their cloud initiatives align with larger strategic goals and that they are allocating their resources effectively to mitigate both financial and reputational risks.
Industry News
March 13, 2025
Opsera announced a new Leadership Dashboard capability within Opsera Unified Insights.
March 13, 2025
Cycloid announced the introduction of Components, a new management layer enabling a modular, structured approach to managing cloud resources within the Cycloid engineering platform.
March 12, 2025
ServiceNow unveiled the Yokohama platform release, including ServiceNow Studio which provides a unified workspace for rapid application development and governance.
March 12, 2025
Sonar announced the upcoming availability of SonarQube Advanced Security.
March 12, 2025
ScaleOut Software introduces generative AI and machine-learning (ML) powered enhancements to its ScaleOut Digital Twins™ cloud service and on-premises hosting platform with the release of Version 4.
March 11, 2025
Kurrent unveiled a developer-centric evolution of Kurrent Cloud that transforms how developers and dev teams build, deploy and scale event-native applications and services.
March 11, 2025
ArmorCode announced the launch of two new apps in the ServiceNow Store.
March 10, 2025
Parasoft(link is external) is accelerating the release of its C/C++test 2025.1 solution, following the just-published MISRA C:2025 coding standard.
March 10, 2025
GitHub is making GitHub Advanced Security (GHAS) more accessible for developers and teams of all sizes.
March 10, 2025
ArmorCode announced the enhanced ArmorCode Partner Program, highlighting its goal to achieve a 100 percent channel-first sales model.
March 06, 2025
Parasoft(link is external) is showcasing its latest product innovations at embedded world Exhibition, booth 4-318(link is external), including new GenAI integration with Microsoft Visual Studio Code (VS Code) to optimize test automation of safety-critical applications while reducing development time, cost, and risk.
March 06, 2025
JFrog announced general availability of its integration with NVIDIA NIM microservices, part of the NVIDIA AI Enterprise software platform.
March 06, 2025
CloudCasa by Catalogic announce an integration with SUSE® Rancher Prime via a new Rancher Prime Extension.
March 05, 2025
MacStadium(link is external) announced the extended availability of Orka(link is external) Cluster 3.2, establishing the market’s first enterprise-grade macOS virtualization solution available across multiple deployment options.
