Survey: Cloud Customers, Not Providers, Increasingly Responsible for Managing Threats 

The responsibility for keeping cloud computing platforms safe is falling increasingly on customers rather than cloud service providers, according to a recent survey.

Many of the security issues that traditionally plagued cloud service providers—like denial of service, system vulnerabilities and data loss—are much less of a problem than they have been in years past, according to researchers at the Cloud Security Alliance. Instead, they found that today’s biggest cloud-related threats exploit the organizations that use the platforms, not the companies that built them.

In a report published Tuesday, researchers ranked data breaches, system misconfigurations and shoddy security architectures as the top three threats facing cloud platforms. While cloud providers and users share responsibility for preventing breaches, the onus for defending against the other two threats falls squarely on the customers themselves, they said.

The report, which was based on a survey of 241 industry tech experts, detailed eight other major threats to cloud security:

• Insufficient identity, credential, access and key management.
• Account hijacking.
• Insider threat.
• Insecure interfaces and APIs.
• Weak control plane.
• Metastructure and applistructure failures.
• Limited cloud usage visibility.
• Abuse and nefarious use of cloud services.

Of the 11 threats detailed in the report, five involved only the customer, and the remaining six implicated both customers and providers, researchers said.

The findings “suggest a maturation of security professionals’ understanding of the cloud and the emerging issues that are harder to address as infrastructure becomes more secure and attackers more sophisticated,” Jon-Michael Brook, who co-chaired the group that wrote the report, said in a statement.

Despite the security concerns, cloud platforms offer organizations significant benefits in terms of computing power, data storage and IT scalability. While federal leaders have for years pushed agencies to move more of their tech ecosystem to the cloud, about nine in 10 systems still reside in government-run infrastructure.