What cloud security actually covers
Cloud security is not a single product or setting — it is a discipline that spans multiple domains across the cloud environment:
- Data security: Encrypting data at rest and in transit; controlling who can access sensitive data; preventing unauthorised exfiltration.
- Identity and access management (IAM): Defining who has access to what, enforcing least-privilege, and requiring MFA for privileged accounts.
- Network security: Configuring Virtual Private Clouds (VPCs), security groups, firewalls, and private endpoints to limit exposure.
- Compliance and governance: Maintaining audit logs, meeting regulatory requirements (GDPR, HIPAA, PCI-DSS), and enforcing security policies through automation.
- Incident detection and response: Monitoring cloud activity logs (AWS CloudTrail, Azure Monitor, GCP Cloud Logging) for suspicious activity and responding to incidents.
The shared responsibility model
Every major cloud provider operates under the shared responsibility model: they are responsible for the security of the cloud (hardware, facilities, network infrastructure, hypervisors), while customers are responsible for security in the cloud (data, applications, operating systems, IAM configuration, network configuration).
This model is frequently misunderstood. Many organisations assume that because they use AWS or Azure, security is handled for them. In reality, misconfigured IAM roles, publicly accessible storage buckets, and unpatched customer-managed VMs are entirely the customer's responsibility — and the most common sources of cloud breaches.
Common cloud security threats
1. Misconfiguration — Publicly accessible storage buckets, overly permissive IAM roles, exposed management consoles, and security groups with 0.0.0.0/0 ingress rules. This is the most common and impactful threat class.
2. Compromised credentials — Cloud access keys and tokens hardcoded in source code, committed to public GitHub repositories, or stolen through phishing. Attackers scan GitHub continuously for leaked AWS keys.
3. Insecure APIs — Cloud services are managed and accessed through APIs. Poorly authenticated APIs, overly permissive API keys, or APIs without rate limiting expose management capabilities to attackers.
4. Account hijacking — Phishing, credential stuffing, or password reuse targeting cloud management console accounts. Without MFA on root/admin accounts, a single credential compromise can be catastrophic.
5. Insider threats — Employees or contractors with excessive cloud permissions who intentionally or accidentally exfiltrate or destroy data. Least-privilege and activity monitoring are key controls.
Essential cloud security controls
Effective cloud security is built on these fundamentals:
- Enable MFA everywhere: MFA on all user accounts, especially root/admin. Never use root credentials for routine operations.
- Least-privilege IAM: Grant only the permissions needed for the task. Review and remove unused roles regularly. Use IAM Access Analyzer to find overly permissive policies.
- Encrypt everything: Enable encryption at rest for all storage services. Enforce HTTPS/TLS for all data in transit. Manage keys with a dedicated service (AWS KMS, Azure Key Vault, GCP Cloud KMS).
- Enable audit logging: AWS CloudTrail, Azure Activity Log, GCP Audit Logs — all cloud management actions should be logged, retained, and monitored for suspicious activity.
- Run Cloud Security Posture Management (CSPM): Automated tools that continuously scan for misconfigurations, unused access keys, publicly accessible resources, and compliance violations.
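To make the CSPM bullet concrete, here is an added example (not code from the original page or from any vendor's product) of two checks such a scanner performs: flagging security-group ingress rules open to 0.0.0.0/0 and IAM policy statements that grant wildcard actions. The input dictionaries follow the shape of AWS security-group and IAM policy JSON; the sample data is constructed, and the security group ids, role name and bucket name are placeholders.

```python
"""Minimal CSPM-style checks for two misconfigurations named above: security groups open
to 0.0.0.0/0 and IAM policies with wildcard actions. Input shapes mirror AWS API JSON."""

ANYWHERE = {"0.0.0.0/0", "::/0"}  # IPv4 and IPv6 "entire internet" ranges


def open_ingress_findings(security_groups: list[dict]) -> list[str]:
    """Flag inbound rules that admit traffic from any source address."""
    findings = []
    for sg in security_groups:
        for rule in sg.get("IpPermissions", []):
            cidrs = [r.get("CidrIp") for r in rule.get("IpRanges", [])]
            cidrs += [r.get("CidrIpv6") for r in rule.get("Ipv6Ranges", [])]
            if not ANYWHERE.intersection(cidrs):
                continue
            # IpProtocol "-1" is the API's value for "all protocols, all ports"
            ports = "all ports" if rule.get("IpProtocol") == "-1" else f"{rule.get('FromPort')}-{rule.get('ToPort')}"
            findings.append(f"{sg['GroupId']}: ingress from anywhere on {ports}")
    return findings


def _as_list(value):  # IAM JSON allows a bare string or object where a list is expected
    return [value] if isinstance(value, (str, dict)) else list(value)


def permissive_policy_findings(policy: dict, name: str) -> list[str]:
    """Flag Allow statements using wildcard actions (least-privilege check)."""
    findings = []
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        actions = _as_list(st.get("Action", []))
        resources = _as_list(st.get("Resource", []))
        if "*" in actions and "*" in resources:
            findings.append(f"{name}: Allow */* (full administrative access)")
        elif any(a == "*" or a.endswith(":*") for a in actions):
            findings.append(f"{name}: service-wide wildcard action {actions}")
    return findings


# Constructed sample input, not data from a real account.
SAMPLE_SGS = [{"GroupId": "sg-0001", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]}]
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Effect": "Allow", "Action": ["iam:*"], "Resource": "*"}]}

if __name__ == "__main__":
    print("\n".join(open_ingress_findings(SAMPLE_SGS) + permissive_policy_findings(SAMPLE_POLICY, "dev-role")))
```

Fed the output of a real describe_security_groups call or a policy document pulled from IAM, the same two functions produce the findings a CSPM tool would raise for those resources.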
CEH v13 covers cloud attack techniques and misconfigurations. CompTIA Security+ SY0-701 includes a dedicated cloud security domain covering hybrid environments and shared responsibility.