Overview of Risks, Threats, and Vulnerabilities Faced in Moving to the Cloud

July 2019 • Technical Report

Timothy Morrow, Kelwyn Pender, Carrie Lee (U.S. Department of Veteran Affairs), Donald Faatz

This report, updated in October 2020, examines the changes to risks, threats, and vulnerabilities when applications are deployed to cloud services.

Publisher:

Software Engineering Institute

CMU/SEI Report Number

CMU/SEI-2019-TR-004

DOI (Digital Object Identifier):

10.1184/R1/12363569.v2

Subjects

Abstract

As organizations develop new applications in or migrate existing applications to cloud services, they face changes in securing their information and applications. This report examines the changes to risks, threats, and vulnerabilities when applications are deployed to cloud services. Five cloud-unique threats and risks are identified along with seven threats and risks that exist on-premises and in cloud computing. For each of these threats and risks, recommendations are made for managing and mitigating the threats and risks when using cloud services.

In October 2020, this report was updated to

add information about containers and orchestration
update risk #5 Incomplete Data Deletion
add new risk #13 Risks Transfer Between CSP and Customers

Download PDF

Cite This Report

SEI

Morrow, Timothy; Pender, Kelwyn; Lee, Carrie; & Faatz, Donald. Overview of Risks, Threats, and Vulnerabilities Faced in Moving to the Cloud. CMU/SEI-2019-TR-004. Software Engineering Institute, Carnegie Mellon University. 2019. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=551354

IEEE

Morrow. Timothy, Pender. Kelwyn, Lee. Carrie, and Faatz. Donald, "Overview of Risks, Threats, and Vulnerabilities Faced in Moving to the Cloud," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Report CMU/SEI-2019-TR-004, 2019. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=551354

APA

Morrow, Timothy., Pender, Kelwyn., Lee, Carrie., & Faatz, Donald. (2019). Overview of Risks, Threats, and Vulnerabilities Faced in Moving to the Cloud (CMU/SEI-2019-TR-004). Retrieved September 20, 2021, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=551354

CHI

Timothy Morrow, Kelwyn Pender, Carrie Lee, & Donald Faatz. Overview of Risks, Threats, and Vulnerabilities Faced in Moving to the Cloud (CMU/SEI-2019-TR-004). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2019. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=551354

MLA

Morrow, Timothy., Pender, Kelwyn., Lee, Carrie., & Faatz, Donald. 2019. Overview of Risks, Threats, and Vulnerabilities Faced in Moving to the Cloud (Technical Report CMU/SEI-2019-TR-004). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=551354

BibTex

@techreport{MorrowOverviewof2019,
title={Overview of Risks, Threats, and Vulnerabilities Faced in Moving to the Cloud},
author={Timothy Morrow and Kelwyn Pender and Carrie Lee and Donald Faatz},
year={2019},
number={CMU/SEI-2019-TR-004},
institution={Software Engineering Institute, Carnegie Mellon University},
address={Pittsburgh, PA},
url={http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=551354} }

Ask a question about this Technical Report

Software Engineering Institute