fbpx Skip to content

Knowledge Byte: Threat Model for Cloud Service Deployment


Paulo Guimarães


Each service and deployment model has its own risks. The best way to treat risks within cloud is to develop a threat model for the service deployment based on the assets in cloud.

What is a Threat Model?

  • A model of the system (cloud environment), which depicts:
    • The system structure, its components, and the flow of control relationships.
    • The assets (data and function) in the system.
    • The security controls protecting the assets.
  • This model of the system is compared against:
    • A list of potential ‘threat or risk scenarios.’
    • A list of potential attackers, disasters, (natural or man-made), and human error.

Threat Modeling in the Cloud

The objective of the threat model is to identify and assess threats in a cloud service. It involves examining the assets, vulnerabilities, entry points, and actors in the cloud environment.

The threat model shows that everything starts with an owner and ends with an asset. Organizations moving into the cloud need to understand their business ownership and the value of their asset in order to apply appropriate countermeasures or protections. The following figure shows a sample threat model:

Related products to help you upskill

Never miss an interesting article

Get our latest news, tutorials, guides, tips & deals delivered to your inbox.

Please enter your name.
Please enter a valid email address.
Please check the required field.
Something went wrong. Please check your entries and try again.

Keep learning

A Massive Influx Into Remote Work Creates an Opportunity for Hackers

A Massive Influx Into Remote Work Creates an Opportunity for Hackers

While the coronavirus pandemic has infected millions of people worldwide, sending people back to work and study from home, these new habits could benefit cybercriminals....
jurian article

ITIL® 4, Why Should You? What’s New?

By 2019, when ITIL® 4 was finally launched, ITIL had been the leading guidance for IT Service Management for the past three decades. Millions of...

Knowledge Byte: Designing the Cloud to Expect Failure

Designing software for failure is an extra barrier to overcome but isn’t too hard, and it certainly pays off. Largely, it boils down to make...

COVID-19 Response

Digital transformation has never been more relevant than today. Until the end of June, we offer all our industry-recognized certification courses for 50% off. Improve your skills and stand out from the crowd.

Scroll To Top