Cloud Security
Terms for cloud security architecture, identity, posture management, workload protection, and shared-responsibility models.
This section covers the language of cloud-native defense: shared responsibility, posture management, workload identity, container security, and cloud access boundaries.
Use it when the term is tied to public cloud, SaaS, or cloud-native operating models.
Core Articles
Cloud security depends on Least Privilege, Secrets Management, Network Segmentation, and Authentication because cloud risk comes from identity, configuration, workload behavior, and exposure together.
In this section
- Cloud Access Security Broker: a cloud access security broker is a control layer that gives organizations visibility and policy enforcement between users or systems and cloud services.
- Cloud Configuration Drift: configuration drift occurs when live systems gradually diverge from the approved baseline through manual changes, exceptions, or inconsistent updates.
- Cloud Detection and Response (CDR): cloud detection and response is the practice of identifying, investigating, and responding to security threats in cloud environments using cloud-native telemetry and workflows.
- Cloud Key Management Service: a key management service is a managed platform capability for creating, protecting, and controlling the use of cryptographic keys.
- Cloud Security Group: a security group is a cloud traffic control construct that defines which inbound or outbound connections are allowed for attached resources.
- Cloud Security Posture Management: cloud security posture management helps organizations continuously assess cloud configurations and identify risky settings or policy drift.
- Cloud Workload Protection (CWP): cloud workload protection focuses on securing running cloud workloads such as virtual machines, containers, and application services.
- Container Security Controls: container security is the practice of protecting containerized applications, images, runtimes, and related orchestration workflows.
- Identity Federation Model: identity federation allows one trusted identity system to support access or sign-in across another system or security boundary.
- Immutable Infrastructure Model: immutable infrastructure is the practice of replacing systems with newly built versions instead of modifying running systems in place.
- Kubernetes RBAC Model: Kubernetes RBAC controls which users, groups, or service accounts can perform specific actions inside a Kubernetes cluster.
- Secrets Manager Service: a secrets manager is a service or tool used to store, retrieve, and control access to sensitive credentials and key material.
- Secure Cloud Configuration: secure configuration is the practice of setting up systems, services, and workloads so they begin from a safer, more controlled state rather than from permissive defaults.
- Shared Responsibility Model: the shared responsibility model explains how security duties are divided between a cloud provider and the customer using the service.
- Virtual Machine Escape: VM escape is a security failure in which code running inside a virtual machine breaks out of that virtual boundary and affects the host or other workloads.
- Virtual Private Cloud: a virtual private cloud is a logically isolated cloud-network environment where organizations define connectivity, routing, and traffic boundaries for workloads.
- Workload Identity Model: workload identity is the identity assigned to a non-human workload so it can authenticate and access needed resources without relying on shared static credentials.