Rethinking Your Threat Models for the Cloud

The cloud scrambled context for defenders who are accustomed to leaning on their understanding of traditional on-prem architecture

In this post I aim to clarify the unique approaches needed to defend cloud systems by discussing the architecture underpinning the cloud, the resulting threat model, and finally, how attackers abuse such systems.

The discussion begins with a brief overview of traditional on-premises architecture, highlighting the vulnerable points that attackers typically target. This is followed by an examination of the architecture provided by your cloud service provider (CSP). Next, I delve into the fundamentals of cloud architecture, exploring the new threat model that emerges as a result. This leads to an exploration of the tactics attackers employ to infiltrate cloud-deployed resources.

To conclude, once we establish the unique aspects of cloud environments, I emphasize a cloud-native approach that attackers use to exploit vulnerabilities. I also discuss how defenders should prioritize visibility within the cloud environment.