The organization dedicated to defining standards, certifications, and best practices, the Cloud Security Alliance, released the Cloud Threat Modeling guide. Top Threats Working Group, the document provides professionals in the field with critical guidance on conducting threat modeling for cloud applications, services, and surrounding security decisions.
Exercise to create own cloud threat model
Cloud Threat Modeling guide offers cloud threat modeling cards and a reference model that allow organizations to create their own cloud threat model, thereby honing the risk management process and improving their overall cybersecurity program. It is an essential practice for software and systems security and it’s imperative that organizations develop a structured and repeatable approach. John Yeoh, Global Vice President of Research at Cloud Security Alliance said,
“Cloud threat modeling paves the way for deeper security discussions. It provides organizations with a framework for not only assessing their security controls and hence, their gaps, but a means of developing appropriate mitigation steps. In today’s cloud-dominant business environment, where a great deal of abstraction and poorly defined shared responsibility boundaries still persist, cloud threat modeling allows organizations to reach cloud design and threat mitigation decisions faster and more efficiently.”