Cyber Security Academy · Lesson

Cloud Attack Surface

IAM, storage and metadata risks.

The Cloud Shared Responsibility Model

In the cloud, the provider secures the infrastructure while the customer secures configuration, identity, and data. Most breaches occur on the customer side of this line.

  • The provider patches hypervisors and maintains physical security.
  • The customer owns IAM policies, storage permissions, and network rules.
  • Misconfiguration, not provider compromise, is the dominant risk.

Identity Is the New Perimeter

Cloud has no traditional network edge. Access is governed by IAM: users, roles, policies, and keys. A leaked access key can be as damaging as a stolen domain admin password.

  • IAM policies grant actions on resources.
  • Roles let services and users assume temporary credentials.
  • Over-permissioned identities are the primary escalation vector.
