The researchers also list the following as threats the cloud faces:
- Insufficient identity, credential, access and key management.
- Account hijacking.
- Insider threat.
- Insecure interfaces and APIs.
- Weak control plane.
- Metastructure and applistructure failures.
- Limited cloud usage visibility.
- Abuse of cloud services.
Threat and Vulnerability Management (TVM), in particular Vulnerability/ Patch Management (TVM-02), would have been useful in detecting many of the vulnerabilities that were exploited in these incidents.
Human Resources Security (HRS)—and specifically security training—were identified as possible mitigations in six of the nine case studies, as was Security Incident Management, E-Discovery and Cloud Forensics (SEF). Based on these results, "one can conclude that planning for an attack fallout and executing on that plan was paramount to successfully dealing with two-thirds of the incidents cited. Furthermore, Identity and Access Management (IAM) controls were determined to be relevant mitigation for more than half of the incidents," the report says.