Threat Modeling Cloud Migrations


Cloud computing services have gained a lot of popularity in both public and business domains. But due to their dynamic nature, many standard security policies and practices cannot be implemented, which makes cloud services vulnerable to different security threats.

Increasingly, companies are making the transition from traditional on-site data centers to the cloud to avail of the cloud’s lower costs and increased flexibility. However, some companies remain reluctant to make the switch because they are uncertain about the security of cloud services.

This Working Session will consist of comprehensive threat modeling exercises using methods such as attack surface analysis, attack trees, and attack graphs, with the goal of better understanding and improving the security of cloud services. The result of this Working Session will be a framework that gives companies a much clearer picture of the potential risks of moving to the cloud and how to manage those risks.

Why

In today's rapidly evolving and highly interconnected world, companies need to constantly generate more value from their IT infrastructure. However, achieving this through on-site systems with fixed capacities can be difficult, if not impossible. Cloud services - whether through Azure, AWS or any other provider - give companies a scalable, flexible, and cost-effective way to generate that value.

Unfortunately, cloud services also expose companies to a whole new level of cyber security risks. Since securing cloud services is different from securing an on-site system, a threat model needs to be created to fully understand the risks and how to mitigate them.

What

  • What are the risks?
  • What are the threats, and where do they come from?
  • How do they fit together?
  • What is the attack surface?
  • Can it go further?

Outcomes

  • A framework to help companies identify and manage the risks involved in moving to the cloud, and to give them valuable insights on how to respond to those risks.

Who

The target audience for this Working Session is:

  • CISO
  • Architects
  • Project Managers
  • Product Owners
  • Anyone with an interest

Working materials

Here are the current ‘work in progress’ materials for this session.

(please add as much information as possible before the sessions)

Content

…add content…


