CSA: Cloud missteps fuel real-world breaches

The Cloud Security Alliance has released its Top Threats to Cloud Computing Deep Dive 2025 report, analyzing eight real-world cloud breaches and outlining clear steps to prevent similar incidents, reports IT Brief New Zealand.

The study features breaches affecting diverse organizations, from tech and automotive giants to sports and cybersecurity entities, and maps each event to the Cloud Controls Matrix, highlighting the role of identity mismanagement, supply chain exposure, and shared responsibility failures.

“The vulnerabilities, threats, and security weaknesses outlined in Top Threats to Cloud Computing 2024 have materialized in real-world breaches,” said Michael Roza, Co-Chair of the Top Threats Working Group, emphasizing the urgency of proactive security controls. The report urges stronger identity and access management, tailored incident response plans, and continuous monitoring. It also warns that many organizations still apply outdated on-premise approaches to cloud environments. The authors call for better governance, deeper supply chain visibility, and reinforced customer-provider role clarity to reduce the frequency and impact of cloud-based attacks.