Cloud Security
Terms for cloud security architecture, identity, posture management, workload protection, and shared-responsibility models.
This section covers the language of cloud-native defense: shared responsibility, posture management, workload identity, container security, and cloud access boundaries.
Use it when the term is tied to public cloud, SaaS, or cloud-native operating models.
Core Articles
Cloud security depends on Least Privilege, Secrets Management, Network Segmentation, and Authentication, because cloud risk arises from identity, configuration, workload behavior, and exposure acting together.
In this section
- Cloud Access Security Broker
A cloud access security broker is a control layer that gives organizations visibility and policy enforcement between users or systems and cloud services.
- Cloud Detection and Response
Cloud detection and response is the practice of identifying, investigating, and responding to security threats in cloud environments using cloud-native telemetry and workflows.
- Cloud Security Posture Management
Cloud security posture management helps organizations continuously assess cloud configurations and identify risky settings or policy drift.
- Cloud Workload Protection
Cloud workload protection focuses on securing running cloud workloads such as virtual machines, containers, and application services.
- Configuration Drift
Configuration drift is the gradual divergence that develops between the intended secure configuration of a system and the way it is actually running.
- Container Security
Container security is the practice of protecting containerized applications, images, runtimes, and related orchestration workflows.
- Identity Federation
Identity federation allows one trusted identity system to provide sign-in or access to another system across a security boundary.
- Immutable Infrastructure
Immutable infrastructure is the practice of replacing systems with newly built versions instead of modifying running systems in place.
- Key Management Service
A key management service is a managed platform capability for creating, protecting, and controlling the use of cryptographic keys.
- Kubernetes RBAC
Kubernetes RBAC controls which users, groups, or service accounts can perform specific actions inside a Kubernetes cluster.
- Secrets Manager
A secrets manager is a service or tool used to store, retrieve, and control access to sensitive credentials and key material.
- Secure Configuration
Secure configuration is the practice of setting up systems, services, and workloads so they begin from a safer, more controlled state rather than from permissive defaults.
- Security Group
A security group is a cloud traffic control construct that defines which inbound or outbound connections are allowed for attached resources.
- Shared Responsibility Model
The shared responsibility model explains how security duties are divided between a cloud provider and the customer using the service.
- Virtual Private Cloud
A virtual private cloud is a logically isolated cloud-network environment where organizations define connectivity, routing, and traffic boundaries for workloads.
- VM Escape
VM escape is a security failure in which code running inside a virtual machine breaks out of that virtual boundary and affects the host or other workloads.
- Workload Identity
Workload identity is the identity assigned to a non-human workload so it can authenticate and access needed resources without relying on shared static credentials.