Network and Infrastructure Threats

Cloud networking abstracts traditional network concepts while introducing new security challenges. Software-defined networking (SDN) provides powerful isolation capabilities through virtual private clouds (VPCs), security groups, and network ACLs. However, misconfigurations can completely bypass these controls. A single overly permissive security group rule might expose internal resources to the internet.

Default configurations often prioritize connectivity over security. Default VPCs might allow unrestricted outbound access. Automatically created security groups could permit unnecessary protocols. Default encryption might be disabled for performance. These defaults, combined with the ease of resource creation, lead to security drift as environments grow. Threat modeling must consider both initial configurations and ongoing governance.
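The two failure modes described above, an overly permissive security group rule and a default that allows unrestricted outbound access, can be checked mechanically. The following is an added example, not code from the original page: it assumes rule data in the shape of AWS EC2 `DescribeSecurityGroups` output, and the sample groups, the group IDs and the `ALLOWED_PUBLIC_TCP` policy are constructed for illustration.

```python
import ipaddress

# Constructed sample, shaped like AWS EC2 DescribeSecurityGroups output.
SAMPLE_GROUPS = [
    {"GroupId": "sg-web-example",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
     "IpPermissionsEgress": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                              "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
    {"GroupId": "sg-db-example",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
                        "IpRanges": [{"CidrIp": "10.0.0.0/16"}, {"CidrIp": "0.0.0.0/0"}]}],
     "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-admin-example",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
                        "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}],
     "IpPermissionsEgress": []},
]

ALLOWED_PUBLIC_TCP = {80, 443}  # assumption: only these ports may face the internet


def world_cidrs(rule):
    """CIDRs in a rule that cover the whole IPv4 or IPv6 address space."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return [c for c in cidrs if ipaddress.ip_network(c, strict=False).prefixlen == 0]


def audit(groups):
    """Return sorted (group_id, direction, detail) findings."""
    findings = []
    for g in groups:
        for rule in g.get("IpPermissions", []):
            proto, lo, hi = rule["IpProtocol"], rule.get("FromPort"), rule.get("ToPort")
            # World-open ingress is accepted only for one allow-listed TCP port.
            if proto == "tcp" and lo == hi and lo in ALLOWED_PUBLIC_TCP:
                continue
            for cidr in world_cidrs(rule):
                findings.append((g["GroupId"], "ingress", f"{proto} {lo}-{hi} from {cidr}"))
        for rule in g.get("IpPermissionsEgress", []):
            if rule["IpProtocol"] == "-1":  # "-1" means all protocols and ports
                for cidr in world_cidrs(rule):
                    findings.append((g["GroupId"], "egress", f"all traffic to {cidr}"))
    return sorted(findings)
```

Running `audit` on a schedule against exported rule data, rather than only at creation time, is one way to catch the drift that accumulates as environments grow.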

Serverless and container architectures challenge traditional network security models. Lambda functions might execute outside traditional network boundaries. Container orchestration platforms create dynamic networking that security tools struggle to monitor. Service mesh implementations add layers of complexity. Each architectural pattern requires its own threat analysis because traditional network security controls may not apply.

Inter-region and multi-cloud connectivity multiply network attack surfaces. VPN connections between regions might traverse the public internet. Peering relationships could inadvertently connect separate security zones. Multi-cloud deployments often rely on internet connectivity rather than private networks. Each connection point requires threat analysis for both the data plane and control plane.