CYBR650 Blog #1: Threat Modeling in Cloud Computing

While cloud service providers promise you the world of increased security, scalability, and a seemingly endless number of features, those who have actually worked on the systems can attest to the horrors of attempting to secure them; however, by use of threat modeling, this often-daunting task can be relatively simple.

I am finally in my last semester of my master’s degree in cybersecurity! One of my current courses, Current Trends in Cybersecurity, requires that I regularly create blog posts on the week’s topics.

For our first week of class, we explored threat modeling and its various subjects. As most of the world has either already made the switch to cloud computing for some of their systems or are in the process of transitioning, I figured I would discuss threat modeling on a cloud system.

Cloud computing is currently revolutionizing organizations worldwide with the promise of easily accessible resources, reduced hardware costs, and increased confidentiality, integrity, and data availability. However, cloud computing poses several risks if not adequately planned, built, managed, and secured.

One of the most significant areas that can cause issues is network infrastructure preparedness; this is usually due to the lack of proper Cloud training. It can be challenging to find I.T. personnel knowledgeable in the operational and developmental skills required in Cloud computing. When the Cloud infrastructure is not service enabled, the automation of operational processes and tasks cannot be performed. Another potential problem area is managing policies. These policies secure the Cloud, ensure a high level of performance, and maintain the network’s availability. Policies must be flexible so they can work on a per-project basis and be continuously updated and checked. Inter-Cloud architecture can be tricky as well, especially when dealing with hybrid Clouds; these situations can need specific data center architecture requirements. Maintaining flexible communication through public, private, and hybrid clouds is also crucial. Finally, Cloud security is a significant part of any Cloud network. While all data is potentially accessible to anyone on the network, ensuring that data does not fall into the wrong hands is very important (McKendrick, 2014).

For this reason, a team of I.T. professionals skilled in Cloud computing should monitor the network, policies, and hardware to ensure that the highest level of security possible is always obtained. Many businesses choose to switch to cloud computing solely to drive down costs by migrating their applications. However, very few applications are ready to seamlessly move to the Cloud, as most have not been configured to do so yet. Instead, it is recommended to move applications to a managed hosting provider. It is also important to remember that their business will not instantly be like other cloud-based applications such as Facebook by just switching to the Cloud; while I wish this was true, it takes many complex solutions such as using a wide range of vendors, extensive mainframe technologies, and an abundance of hardware for this to happen (MacVittie, 2014).

So, with the long list of possible risks associated with cloud computing, how would one go about developing a threat model for identifying, mitigating, eliminating, or transferring all potential threats and vulnerabilities?

Due to the complexity of cloud systems, as well as the sophistication of the threat modeling process, the simplest method to create a threat modeling process is merely to use of the already-built frameworks, including the Microsoft Security Development Lifecycle (S.D.L.), Data Follow Diagram (DFD), S.T.R.I.D.E., Practical Threat Analysis (P.T.A.), among many others (Amini, Jamil, Ahmad, & Z’aba, 2015).

Whichever threat model one chooses, one of the most vital steps in the process is designing a model that shows how data flows and is stored in the cloud network; this includes every piece of hardware, software, system, and network that the Cloud will interact with, within reason. Identifying what assets are involved and who has access to them is an excellent beginning task. Next, classifying each asset by its value is helpful; this would include the asset’s financial worth (cost of replacement), what data is stored (and how important it is), and a quick analysis of the possible threats and vulnerabilities it may face (Shostack, 2014).

Assets can come in various mediums, such as physical hardware, software, networks, systems, and data types, such as sensitive personnel information and financial data. As many cloud providers offer their products and services based on S.L.A.s (service level agreements), understanding what assets and processes are managed by both parties is essential to the cloud network’s continued success and security. The following questions should be asked during the threat modeling process:

  • Why does this cloud network/computing system exist?
  • What do we need it to do?
  • What is it currently doing?
  • What assets are involved?
  • Who owns each asset?
  • What does the contract state regarding security management and incident response events?
  • What are the S.L.A. specifics regarding the cloud network/computing system?
  • What could go wrong with the cloud network/computing model?
  • What would happen if something did go wrong?
  • Is our data backed up?
  • How is it backed up?
  • Who is involved in this project?
  • Who is responsible for maintaining the cloud network/computing model?
  • Who is responsible for securing the cloud network/computing model?

(Amini, Jamil, Ahmad, & Z’aba, 2015)

While these are just a few samples of the questions that need answering in a threat modeling process, they should provide a general idea of the immense information required to identify threats and find potential solutions accurately.

Now that the basics are covered, one should understand how the cloud network/computing model functions and an idea of possible vulnerable areas. Brainstorming with those who are responsible for or work on the cloud network/computing model should now happen to jointly identify the long list of vulnerabilities that the cloud network/computing model might have. It is important to note that not all found threats need to be researched entirely and modeled, but at least talking about every possible thing that can go wrong can help the overall project by not limiting ideas (Shostack, 2014).

A more thorough vulnerability scan can be performed after this happens, often by utilizing penetration tests and network scans. Furthermore, testing can be performed on the network or cloud computing model that looks for errors due to negligence, user error, or even DDoS attacks by merely stress testing the system. For example, the following questions would be helpful to answer:

  • What would happen if an enormous number of users attempted to log into the system at the same type (like a DDoS attack)?
  • What would happen if the system were not updated regularly?
  • How difficult is it to log into the system (any authentication measures like M.F.A., S.S.O., etc.?)
  • What are the password complexity and renewal requirements?
  • How are those who use and work on the system trained?

Again, this is merely scratching the surface, but it should give a quick understanding of what is involved.

Once the list of possible threats to the cloud network/computing model is created and narrowed down to a reasonable number of vulnerabilities and risks that either may potentially occur or, in the case they happen, would be catastrophic to the system as a whole, classifying each threat shall give those who manage and secure the system an actionable itemized list of dangers. By ranking each threat with metrics such as the asset’s value, the likelihood of the event from occurring, and the impact of the event (what would go wrong), the threat modeling process is well underway to allowing individuals with even limited technological knowledge (such as upper management), in understanding the risks and dangers involved in the cloud network/computing model (Shostack, 2014).

As the sophistication of cloud systems is relatively high, threat modeling will be a long and strenuous process; however, failing to take the time to plan this out can turn even the most well-built cloud system into a problem-ridden money pit. Using the information in this post, one should be able to begin their steps of mitigating, eliminating, or transferring each possible threat and vulnerability, allowing for increased security of the cloud system, improving its performance, and the confidentiality, availability, and integrity of its data.


Shostack, A. (2014). Threat modeling: Designing for security. Indianapolis, IN. Wiley.

McKendrick, Joe. (2014). Forbes. 9 ‘Worst Practices’ To Avoid with Cloud Computing. Retrieved March, 22, 2021, from

MacVittie, Lori. (2014). Six Common Challenges of Cloud Implementations. Retrieved March 22, 2021, from

Amini, A., Jamil, N., Ahmad, A., & Z’aba, M. (2015, July 15). Threat modeling approaches for securing cloud computing. Retrieved March 22, 2021, from,for%20deploying%20cloud%20computing%20security.

Categories: Security

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s