The report identified misconfiguration and inadequate change control as the leading cloud security threats followed by identity and access management issues, insecure interfaces and APIs, and poor execution of cloud security strategies -- all weaknesses that are influenced heavily by human actions.