ChannelLife Australia - Industry insider news for technology resellers

Cloud Security Alliance report urges new defences for cloud

Today

The Cloud Security Alliance has published its latest Top Threats to Cloud Computing Deep Dive 2025 report, detailing critical cloud security incidents and offering actionable guidance for organisations.

The report analyses eight real-world breaches involving organisations including a multinational technology conglomerate, an Australian sports governing body, a multinational automotive manufacturer, and a cybersecurity technology company. Developed by the alliance's Top Threats Working Group, the cases are mapped against relevant Cloud Controls Matrix controls, providing threat models and detailed narratives describing the circumstances of each breach.

The report expands on the findings of the previous year's Top Threats to Cloud Computing documentation by examining how those vulnerabilities and security weaknesses have played out in actual incidents. According to the authors, these breaches illustrate persistent patterns and misconfigurations that malicious actors have exploited.

Michael Roza, Co-Chair of the Top Threats Working Group and one of the lead authors of the paper, said: "The vulnerabilities, threats, and security weaknesses outlined in Top Threats to Cloud Computing 2024 have materialized in real-world breaches, exposing recurring failure patterns and misconfigurations that attackers continue to exploit. By analyzing these incidents, we have identified actionable lessons that organizations can adopt today to enhance cloud security and mitigate breach risks."

The report draws attention to recurring security gaps, with a particular focus on the impact of identity and access management, supply chain risks, and the evolving nature of threat actors targeting cloud environments. It emphasises that these factors have continued to influence the frequency and impact of cloud security breaches across all sectors.

Key takeaways outlined for cloud users, builders, and defenders include the need for security practices that account for both human error and persistent threats, and the point that identity and access security controls are essential for robust cloud security.

The report also highlights that shared responsibility between cloud service providers and customers remains vital, urging clear delineation and enforcement of role-specific security practices. Continuous monitoring and real-time detection are recommended as critical components for incident prevention and response.

Supply chain security is identified as an area requiring further attention, with calls for strengthened processes and oversight. The report further suggests that proactive cloud governance plays a significant role in reducing long-term risk exposure for organisations operating in the cloud.

Another recommendation is that incident response plans and recovery strategies must be tailored specifically to the cloud environment, rather than repurposing traditional on-premises approaches. Security testing and validation, the report notes, should be extended beyond production environments to cover the full cloud lifecycle.

The Top Threats Working Group's goal is to equip organisations with the latest expertise regarding cloud security risks, threats, and vulnerabilities, thereby supporting informed risk management decisions for cloud adoption. The group has invited individuals interested in contributing to its ongoing research and initiatives to join its efforts.
