Download Publication
![Cloud Threat Modeling](https://cloudsecurityalliance.org/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsiZGF0YSI6NDkyNCwicHVyIjoiYmxvYl9pZCJ9fQ==--614e437df2c5de91ebb34f7e014dd9e352e219a6/eyJfcmFpbHMiOnsiZGF0YSI6eyJmb3JtYXQiOiJqcGciLCJyZXNpemVfdG9fbGltaXQiOlsyMjUsMzAwXX0sInB1ciI6InZhcmlhdGlvbiJ9fQ==--e48aa05a8204ba7d961654dcf72210dd50cd7522/index.jpg)
Who it's for:
- Cloud security practitioners who analyze threats, assess system preparedness, or design cloud systems and services
- CIOs, CISOs, and senior managers
- Developers and architects
Cloud Threat Modeling
Release Date: 07/29/2021
Working Groups: Top Threats Data Security
- The baseline threat modeling processes taken from various standards and best practices
- The differences between standard threat modeling and cloud threat modeling
- How to create a cloud threat model from scratch
- A basic cloud threat model reference
- What should be included in a detailed security design report
- Example cloud threat modeling cards
Download this Resource
Related Resources
Acknowledgements
![Michael Roza](/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsiZGF0YSI6Mzc3NCwicHVyIjoiYmxvYl9pZCJ9fQ==--2ee3c93fe3c1fbe44c00209688a02592cb8f251c/eyJfcmFpbHMiOnsiZGF0YSI6eyJmb3JtYXQiOiJqcGciLCJhdXRvX29yaWVudCI6dHJ1ZSwicm90YXRlIjowLCJncmF2aXR5IjoiY2VudGVyIiwicmVzaXplIjoiMTgweDI0MF4iLCJiYWNrZ3JvdW5kIjoibm9uZSJ9LCJwdXIiOiJ2YXJpYXRpb24ifX0=--ce1f0b273c14895214513c640abe6c284218f1db/roza.jpg)
Michael Roza
Risk, Control and Compliance Professional at EVC
Since 2012 Michael has contributed to over 100 CSA projects completed by CSA's Internet of Things, Zero Trust/Software-Defined Perimeter, Top Threats, Cloud Control Matrix, Containers/Microservices, DevSecOps, and other working groups. He has also served as co-chair of CSA's Enterprise Architecture, Top Threats, and Security-as-a-Service working groups while also serving as the Standards Liaison Officer for IoT, ICS, EA, SECaaS, and Cloud K...
![Vani Murthy](/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsiZGF0YSI6MTgwNTIsInB1ciI6ImJsb2JfaWQifX0=--28f492b81f51b7bb479df2b1f49bbde6264c2a02/eyJfcmFpbHMiOnsiZGF0YSI6eyJmb3JtYXQiOiJwbmciLCJhdXRvX29yaWVudCI6dHJ1ZSwicm90YXRlIjowLCJncmF2aXR5IjoiY2VudGVyIiwicmVzaXplIjoiMTgweDI0MF4iLCJiYWNrZ3JvdW5kIjoibm9uZSJ9LCJwdXIiOiJ2YXJpYXRpb24ifX0=--eb486f3f6b5873e5a4f4e10b34324e47d456ee46/man.png)
Vani Murthy
Sr. Information Security Compliance Advisor, Akamai Technologies
Vani has 20+ years of IT experience in the areas such as Security, Risk, Compliance, Cloud services (IaaS/PaaS/SaaS) architecture
![Sean Heide](/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsiZGF0YSI6MTA1OTAsInB1ciI6ImJsb2JfaWQifX0=--6fec6119dd82805dcd73b1f5bee2b5241e75a27e/eyJfcmFpbHMiOnsiZGF0YSI6eyJmb3JtYXQiOiJqcGVnIiwiYXV0b19vcmllbnQiOnRydWUsInJvdGF0ZSI6MCwiZ3Jhdml0eSI6ImNlbnRlciIsInJlc2l6ZSI6IjE4MHgyNDBeIiwiYmFja2dyb3VuZCI6Im5vbmUifSwicHVyIjoidmFyaWF0aW9uIn19--bce64e6cd8e04ad10bf1b7b6142bab4d14a520af/sean-h.jpeg)
Sean Heide
Technical Research Director, CSA
![Jon-Michael Brook](/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsiZGF0YSI6MjQyMTQsInB1ciI6ImJsb2JfaWQifX0=--a7375654b40b8faf0196d2525ed503f465a8aabb/eyJfcmFpbHMiOnsiZGF0YSI6eyJmb3JtYXQiOiJqcGVnIiwiYXV0b19vcmllbnQiOnRydWUsInJvdGF0ZSI6MCwiZ3Jhdml0eSI6ImNlbnRlciIsInJlc2l6ZSI6IjE4MHgyNDBeIiwiYmFja2dyb3VuZCI6Im5vbmUifSwicHVyIjoidmFyaWF0aW9uIn19--bce64e6cd8e04ad10bf1b7b6142bab4d14a520af/Jon-Michael_Brook_1676316333698001Ti4g_1676328890534001qP6z.jpeg)
Jon-Michael Brook
Jon-Michael C. Brook is a certified, 25-year practitioner of cybersecurity, cloud, and privacy. He is the principal contributor to certification sites for privacy and cloud security, and has published books on privacy. Jon-Michael received numerous awards and recognition during his time with Raytheon, Northrop Grumman, Symantec, and Starbucks. He holds patents and trade secrets in intrusion detection, GUI design, and semantic data redaction...
![Vic Hargrave](/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsiZGF0YSI6MTA2MDIsInB1ciI6ImJsb2JfaWQifX0=--6135c65af2b02bd9a5184f51db621e509dc6da7e/eyJfcmFpbHMiOnsiZGF0YSI6eyJmb3JtYXQiOiJwbmciLCJhdXRvX29yaWVudCI6dHJ1ZSwicm90YXRlIjowLCJncmF2aXR5IjoiY2VudGVyIiwicmVzaXplIjoiMTgweDI0MF4iLCJiYWNrZ3JvdW5kIjoibm9uZSJ9LCJwdXIiOiJ2YXJpYXRpb24ifX0=--eb486f3f6b5873e5a4f4e10b34324e47d456ee46/vic-256.png)
Vic Hargrave
Senior Cyber Analyst/Engineer
Vic Hargrave has 20 years of experience in cybersecurity working for Everfox, Forcepoint Federal, Trend Micro, and VMware developing a broad range of security solutions including user-entity behavior analytics, threat management, and content filtering. Vic specializes in behavior analytics and insider threat risk. He has co-authored several publications with the Top Treat Working Group and is active in the CSA AI Technology and Risk Worki...
![Randall Brooks Headshot Missing](/assets/fallback/csa-headshot-7b449f5deff0b8be963d29536d108a63e2ef86ec765da989bb085a7d8c14217c.png)
Randall Brooks
![Adalberto Valle Headshot Missing](/assets/fallback/csa-headshot-7b449f5deff0b8be963d29536d108a63e2ef86ec765da989bb085a7d8c14217c.png)
Adalberto Valle
![Nirenj George Headshot Missing](/assets/fallback/csa-headshot-7b449f5deff0b8be963d29536d108a63e2ef86ec765da989bb085a7d8c14217c.png)
Nirenj George
![Ken Dunham Headshot Missing](/assets/fallback/csa-headshot-7b449f5deff0b8be963d29536d108a63e2ef86ec765da989bb085a7d8c14217c.png)
Ken Dunham
![Ebudo Osime Headshot Missing](/assets/fallback/csa-headshot-7b449f5deff0b8be963d29536d108a63e2ef86ec765da989bb085a7d8c14217c.png)
Ebudo Osime
![Fadi Sodah Headshot Missing](/assets/fallback/csa-headshot-7b449f5deff0b8be963d29536d108a63e2ef86ec765da989bb085a7d8c14217c.png)
Fadi Sodah
![James Bore Headshot Missing](/assets/fallback/csa-headshot-7b449f5deff0b8be963d29536d108a63e2ef86ec765da989bb085a7d8c14217c.png)
James Bore
![Vladi Sandler Headshot Missing](/assets/fallback/csa-headshot-7b449f5deff0b8be963d29536d108a63e2ef86ec765da989bb085a7d8c14217c.png)
Vladi Sandler
![John Yeoh](/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsiZGF0YSI6MTA1MTksInB1ciI6ImJsb2JfaWQifX0=--a03c2f1a27dd5a20dac2bc38b7d9cc55cd815995/eyJfcmFpbHMiOnsiZGF0YSI6eyJmb3JtYXQiOiJqcGVnIiwiYXV0b19vcmllbnQiOnRydWUsInJvdGF0ZSI6MCwiZ3Jhdml0eSI6ImNlbnRlciIsInJlc2l6ZSI6IjE4MHgyNDBeIiwiYmFja2dyb3VuZCI6Im5vbmUifSwicHVyIjoidmFyaWF0aW9uIn19--bce64e6cd8e04ad10bf1b7b6142bab4d14a520af/john-yeoh.jpeg)
John Yeoh
Global Vice President of Research, CSA
With over 15 years of experience in research and technology, John excels at executive-level leadership, relationship management, and strategy development. He is a published author, technologist, and researcher with areas of expertise in cybersecurity, cloud computing, information security, and next generation technology (IoT, Big Data, SecaaS, Quantum). John specializes in risk management, third party assessment, GRC, data protection, incid...