Today’s cloud security requires a new way of looking at threat models. Making a threat model can support your security teams before problems start. It helps them develop a strategy for handling existing risks, instead of detecting incidents at a later stage. Let’s walk through how to create a threat model that works for your cloud landscape.

The Open Web Application Security Project (OWASP) defines threat modeling as “a process for capturing, organizing and analyzing all of the information [that affects the security of an application].”

By the end of making one, you should have a list of “security improvements to the concept, requirements, design or implementation.”

Why Does Threat Modeling Matter?

A threat model shows parameters that explain a threat. For example, it might cover the built-in risk factors, threat agents, potential attack road maps, business impact assessments and remedies. In the field of software security, threat models help spot threats to systems and data — from tech-driven threats such as web exploits to wider risks such as unwanted system access or insecure data storage.

There are many threat assessment methodologies, like Microsoft’s STRIDE. STRIDE —  which stands for Spoofing, Tempering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege — helps security experts and developers find threat vectors in these categories.

Creating a threat model at the design stage helps throughout the system development life cycle. Teams can learn the controls and automate cloud security infrastructure from beginning to end. Therefore, threat modeling should occur at an early stage of your system development.

Let’s get started. Here are the best steps to building a threat model.

1. Choose the Right Team for Your Cloud Security

A threat modeling process should include people from teams across different disciplines. A security team member will serve as the risk owner of the process. The security team, web developers, software engineers, operations team and business segment owners might all be important members.

Working with the expertise of multiple, mixed groups involved in app development, testing scenarios and business delivery will provide a more holistic vision of what you are designing. That includes what could go wrong in the process and how to rectify or mitigate risk over the long term.

2. Understand the Boundaries of the System

Once your team is ready, it’s time to analyze what the trust zones and scope of the system are. Just be cautious not to make the system boundary too large — as you increase the scope of the boundary, it gets more difficult to model. Map out all the application architecture to understand the data flows and actors involved. A data flow diagram is the usual way of doing this.

OWASP has some guidelines, which look at the following factors:

  • The trust boundaries modeled within the system.
  • The threat actors or agents that interact within and outside of the trust boundaries of the system.
  • Information flows in various directions within and to/from the trust boundaries.
  • Information persistence within and outside of trust boundaries for data modeling.
  • The potential threats and existing risks to these trust boundaries.
  • Threat actors or agents that exploit known openings.
  • The impact and likelihood a threat agent could exploit an opening.

3. Consider Risk Factors to Cloud Security

When you have a list of threats to your applications and system, you need to determine what type of controls you will put in place to reduce them. If you don’t configure the various things required to implement the system boundaries properly, they could impact your threat model in a big way.

For example, take a look at your cloud security infrastructure design and the control plane services to start with. Many companies face at least one critical security misconfiguration. The term “critical” was coined because some configuration issues allow an attacker to gain access directly to private database services on the cloud provider management console. These issues could also be used to hide criminal activity from auditing and monitoring services. The increased volume of data breaches happening via open ports on the cloud impacts workloads on cloud providers’ private and public subnets.

Once your assembled team has defined what your app threat model is and the most important production applications, it’s time to work on a remediation plan.

4. Execute a Remediation Plan

The first and foremost step in designing this plan is to rank the risks based on which are the most severe. You could do this using a ranking method in risk assessment methodology. Next, rank each threat that exploits a vulnerability by how critical it may be. Choose a team member to fix these threats from high to low, starting with the most critical. You must define a risk owner for every risk to ensure someone covers all your threats.

In the cloud, your workloads will access other services at various entry points via an application programming interface call or via other external users. Other mechanisms help in accessing a cloud-native environment from an on-prem data center. For example, you might encounter a cloud access security broker architecture or federated identity management. In that case, you should try to minimize the access with trust zone boundaries and entry zones. Using a cloud service provider, like an Amazon Web Services (AWS) architecture framework, Google Cloud Platform, or Microsoft Azure, ensures that you provide a consistent and measured approach across your risks to mitigate them without any performance or scaling issues.

There are various threat modeling tools on the market. For example, the OWASP Threat Dragon and Microsoft’s threat modeling tool provide various built-in features that help to deploy apps in the cloud. These restrict access based on roles or attributes and public key infrastructure services. That helps to keep systems safe without making the team less secure or less efficient.

5. Audit and Monitor Workloads

It’s important to understand the need to monitor and track your apps’ status on the cloud on an ongoing basis. You can do this using tools like Azure monitor logs and storage analytics or AWS cloud trail and cloud watch logs. Other popular cloud platforms, like Caveonix and IBM OpenStack, help improve application pervasiveness and provide layered and cloud-native security.

The big advantage of threat modeling is that it helps provide a holistic view of potential issues by focusing on threats, not weaknesses. This will make your cloud security posture more robust.

Simply put, threat modeling is a logical way of thinking about what your system and apps can or cannot do. By focusing on threats rather than weaknesses, you can leverage your technical niche and get a wider view of your posture using a cloud-native approach.

More from Intelligence & Analytics

New report shows ongoing gender pay gap in cybersecurity

3 min read - The gender gap in cybersecurity isn’t a new issue. The lack of women in cybersecurity and IT has been making headlines for years — even decades. While progress has been made, there is still significant work to do, especially regarding salary.The recent  ISC2 Cybersecurity Workforce Study highlighted numerous cybersecurity issues regarding women in the field. In fact, only 17% of the 14,865 respondents to the survey were women.Pay gap between men and womenOne of the most concerning disparities revealed by…

Protecting your data and environment from unknown external risks

3 min read - Cybersecurity professionals always keep their eye out for trends and patterns to stay one step ahead of cyber criminals. The IBM X-Force does the same when working with customers. Over the past few years, clients have often asked the team about threats outside their internal environment, such as data leakage, brand impersonation, stolen credentials and phishing sites. To help customers overcome these often unknown and unexpected risks that are often outside of their control, the team created Cyber Exposure Insights…

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today