6. Malicious Insiders
In an IaaS, PaaS or SaaS environment that isn't built with the proper security, a malicious insider such as a system administrator can gain access to sensitive information, according to the report.
Systems that depend solely on the cloud service provider for security are at great risk, the CSA said. "Even if encryption is implemented, if the keys are not kept with the customer, and only available at data-usage time, then the system is still vulnerable to malicious insider attack," the CSA said in its report.