Connect with us

Hi, what are you looking for?


Cloud Security

Cloud Security Bolstered by Threat Modeling

Security cannot be extricated from an understanding of the threat landscape, and cloud environments are no exception.

Security cannot be extricated from an understanding of the threat landscape, and cloud environments are no exception.

To that end, a key part of security is threat modeling, which can be used not only to improve cloud security, but also as the starting point of offering security assurance to customers.

“Security decisions are made based upon risk – risk of exposure, risk of breach, risk of loss, risk of availability, etc,” explained David Baker, chief security officer at identity management vendor Okta, who along with Robert Zigweid of ioActive at the Cloud Security Alliance’s [CSA] recent CSA Congress Event.

“Threat modeling,” he told SecurityWeek in an email interview, “is a key method of attaching a real-risk value…at a granular level to technical components of a complex system. Development teams that have successfully implemented a secure development lifecycle leverage threat modeling to identify security flaws in their software even prior to code being written. Thus it can not only help guide risk-based security decisions, but it is used to implement mitigation strategies to the identified threats.”

Threat Modeling Cloud EnvironmentsThis is just as true in cloud environments as it is elsewhere.

Advertisement. Scroll to continue reading.

“Data availability and accessibility to the cloud service provider [CSP] are big concerns,” he said. “For example, how many people or who from the CSP have access to the data that is put into the cloud service. From there, it evolves into how that data might be stored and used. Is the data encrypted at rest? Is there a strong key-management system behind that encryption, or is it just a file-system or database driven encryption?”

Threat modeling, he explained, assigns mitigation or acceptance criteria to these vulnerabilities so that the threat can be evaluated on a risk basis. As an example, he proposed a situation where the concern is the threat that a user’s credentials could be compromised through a service’s Web UI [user interface]. The threat exists due to the Web UI being vulnerable to cross-site scripting and other vulnerabilities, and to accept or mitigate this threat, customers will often demand evidence from the provider that penetration test has been performed on the Web UI to find and fix all injection-based attacks.

Whether or not the vulnerability actually existed, the model has assigned it to the component – in this case the Web UI – and laid out evidence of penetration testing and fixes, said Baker.

According to Zigweid, director of services at ioActive, many threats to cloud computing are outside the control of the customer, and it is up to the cloud provider to provide assurances that these threats are mitigated.

“That being said, there is more to it than just seeing which CSP can provide an external penetration report – that is certainly missing the point of performing the threat models,” he said in an email. “As a customer, you need to understand not only the specifics of how you will be using the cloud service, but also dig into the details of the cloud service that lay outside of your trust boundary, i.e. your security perimeter. What APIs are being used and how? What additional upstream providers are the CSPs using? How is the CSP’s automation tested and validated?”

“To that end, the CSP should be able to not only provide assurances of these components in the form of third-party pen tests and compliance certifications, but should be able to provide test instances for your team to validate and test themselves,” he added. “This last part is the best way to evaluate the security – and transparency – between vendors.”

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cloud Security

Cloud Disaster Recovery - Ingredients for a Recipe that Saves Money and Offers a Safe, More Secure Situation with Greater Accessibility