Skip to main content

Chapter 8 · Cloud Security

Scope note: this chapter covers cloud-specific security — the operator's view. It deliberately does not re-teach general application security (input validation, web vulnerabilities, cryptography internals, threat-modeling theory). That is the job of the Modern Security Engineer Guide, which this chapter cross-links rather than duplicates. Here we ask the cloud-operations question: given the systems you've built in Chapters 1–7, how do you keep them safe?

Security has been a thread through this entire guide — the shared-responsibility model (Ch. 1), least privilege and machine roles (Ch. 2), private subnets and security groups (Ch. 2), config and secrets (Ch. 4), golden paths (Ch. 7). This chapter gathers those threads and completes them into a coherent practice. The framing comes straight from Chapter 1: the provider secures the cloud; you secure what's in it — and that customer-side configuration is where almost every real cloud breach happens.

Why this chapter matters

The headline fact of cloud security is that breaches are overwhelmingly caused by misconfiguration on the customer's side — a public bucket, an over-permissive IAM role, a leaked long-lived key, an exposed database — not by the provider's infrastructure failing. Cloud security is therefore mostly about getting your configuration right and making the secure choice the default one. This chapter turns the scattered security habits from earlier chapters into a deliberate, automated practice that scales across a whole organization.

The durable idea

Most cloud breaches are customer-side misconfiguration. Default to least privilege, eliminate long-lived keys, keep secrets out of code, isolate and verify the network, verify your supply chain, and prove all of it continuously — and make every one of those the easy, default path (the golden path of Chapter 7).

These principles are durable; the specific scanners, vendors, and compliance checklists are dated. Throughout, we name today's tools so you recognize them on the job, but we isolate them as the volatile layer over an evergreen concept.

Lessons in this chapter

  • 8.1 — The shared-responsibility model in practice. What actually goes wrong in the cloud and why "secure the configuration" is the core job. Reading the responsibility line for any service, and the cloud threat model (exposed storage, credential leaks, over-permissive IAM, public databases).
  • 8.2 — Identity is the new perimeter. IAM deep-dive: policy evaluation order, least privilege, RBAC vs ABAC, permission boundaries, privilege-escalation paths, and CIEM for over-permissioned roles.
  • 8.3 — Workload identity & keyless auth. Killing long-lived static keys with OIDC federation, IRSA / Workload Identity, and short-lived credentials — for both CI pipelines and running workloads.
  • 8.4 — Secrets & encryption. The secret lifecycle: dedicated managers (Vault, cloud secret services), dynamic/short-lived secrets, rotation, KMS and encryption-at-rest, and never committing secrets to Git.
  • 8.5 — Network security & zero trust. Defense in depth, private endpoints, egress control, Kubernetes NetworkPolicies, mTLS and segmentation, and what "zero trust" actually means.
  • 8.6 — Supply-chain & image security. Securing what goes into your deployments: minimal/distroless non-root images, CVE scanning, SBOMs, and signing/verifying artifacts at admission.
  • 8.7 — Posture, policy-as-code & continuous compliance. Detecting misconfiguration continuously (CSPM), preventing it with policy-as-code admission control, the CNAPP consolidation, runtime threat detection, and compliance as continuous evidence.
  • 8.8 — Checkpoint. Quiz emphasizing the customer-side misconfiguration theme and least-privilege reasoning.

Where this connects

  • Back to Chapters 1, 2, 4 — this chapter completes shared responsibility, IAM least privilege, network isolation, and secrets.
  • Across to the Modern Security Engineer Guide — for application security, cryptography, and threat-modeling theory that aren't cloud-specific.
  • Back to Chapter 7 — secure-by-default golden paths are how security scales across an organization without becoming a bottleneck.

Next: 8.1 The shared-responsibility model in practice →