Cloud Security Alliance has unveiled its Top Threats to Cloud Computing: Egregious Eleven report, which lists the top 11 cybersecurity problems facing cloud computing users. In this fourth installment, the CSA surveyed 241 industry experts on security issues in the cloud industry. It is the first major update to the list since 2016, when Alliance released the Treacherous 12. The Top Threats Working Group used the survey results along with its expertise to create the final 2019 report. These issues are inherently specific to the cloud and thus indicate a technology landscape where consumers are actively considering cloud migration.  The following issues are often the result of the shared, on-demand nature of cloud computing.

1. Data Breaches

2. Misconfiguration and Inadequate Change Control

3. Lack of Cloud Security Architecture and Strategy

4. Insufficient Identity, Credential, Access and Key Management

5. Account Hijacking

6. Insider Threat

7. Insecure Interfaces and APIs

8. Weak Control Plane

9. Metastructure and Applistructure Failures

10. Limited Cloud Usage Visibility

11. Abuse and Nefarious Use of Cloud Services

Data breaches top the list

We won’t be surprised to see that Data breaches still top the list, unmoved since 2016. It means that data breach is still the primary objective of a targeted attack or merely the result of human error, application vulnerabilities or inadequate security practices. A data breach involves any kind of information that was not intended for public release, including—but not limited to—personal health information, financial information, personally identifiable information (PII), trade secrets and intellectual property.

Insufficient Identity, Credential, Access and Key Management

Identity, credential, access management systems include tools and policies that allow organizations to manage, monitor, and secure access to valuable resources. Cloud computing introduces multiple changes to traditional internal system management practices related to identity and access management (IAM). The report stated that it isn’t that these are necessarily new issues. Rather, they are more significant issues when dealing with the cloud because cloud computing profoundly impacts identity, credential, and access management. In both public and private cloud settings, CSPs and cloud consumers are required to manage IAM without compromising security.

As a result, Insufficient Identity and access management, number 4 in the list of threats has actually grown up and this report suggests an interesting and somewhat new perspective on cloud security. This new outlook focuses on configuration and authentication, and shifts away from the traditional focus on information security (e.g., vulnerabilities and malware).

These security issues are a call to action for developing and enhancing cloud security awareness as the report stated or to choose an on-premise solution because you can only trust what you control and can audit yourself.

Enterprise Solutions and not Cloud Services

We offer a complete enterprise security solution which should cover the needs for a majority of companies, organizations and individuals. Our solutions are opened but not cloud-based. We do not provide a central security hub that you have to trust blindly. We provide a software product via appliances or installers. It is Linux-based and easy to install and maintain. We prefer that you get the full control on your security infrastructure. Yet this is not limited and you can use our solutions for building security services or for securing cloud applications and hosted systems.

A NATO agency, the North Atlantic Treaty Organization which is an intergovernmental military alliance between 29 North American and European countries tapped RCDevs to implement multi-factor authentication across his infrastructure.

NATO’s purpose is to guarantee the freedom and security of its members through political and military means. NATO is committed to the principle that an attack against one or several of its members is considered as an attack against all. This is the principle of collective defense, which is enshrined in Article 5 of the Washington Treaty. NATO is an alliance of countries from Europe and North America. It provides a unique link between these two continents, enabling them to consult and cooperate in the field of defense and security, and conduct multinational crisis-management operations together.

“NATO is probably the biggest intergovernmental military organisation in the world and we’re honored to be working with them”

Charly Rohart CEO of RCDevs

OpenOTP Security Suite has been selected because it’s a comprehensive tool which provides enterprise-grade security solutions suited for multi-factor authentication with OTP / FIDO, federation, identity management, PSD2 compliant secure transactions, electronic signature and SSH Key Management. OpenOTP Security Suite combines mobile technologies with proven security standards to offer the best alternative for professionals and non-professionals requiring cost-effective solutions compatible with their user’s mobility. The fact that our platform integrates seamlessly into any IT infrastructure to enables a centrally-managed security control center has been a determining factor in the choice of our solution.

Meeting partners and clients at RCDevs Afterwork. RCDevs CEO Charly Rohart giving a presentation to a full house on latest trends in of Multi-Factor Authentication – logging into Macbook with OpenOTP Token and proximity access over bluetooth drawing attention.