Cloud security is not a new flavor of network security — it is a different model with different failure shapes. This lesson sets the frame for everything that follows.
What changes when workloads move to the cloud
- The provider runs the metal and the hypervisor; you run everything above the operating system
- Most attack paths now run through identity and configuration, not packet-level network access
- Resources are created and destroyed by code, often hundreds of times per day
- Audit trails are richer and more centralized — but only if you turn them on
What stays the same
The fundamentals do not move. You still need least privilege, you still need to know what you have, you still need to monitor the things that matter, and you still need a rehearsed response plan.
Common early mistakes
- Treating the provider's default settings as "secure"
- Assuming the on-prem firewall ruleset can be ported one-for-one
- Trusting environment names like "dev" to imply isolation
- Skipping the principle of least privilege because "it's just internal"
Takeaway
Approach cloud security as a fresh design problem. The instincts you bring from on-prem are useful but not sufficient. The next nine lessons build the missing instincts.
Free lesson
This is the first lesson of the track. Every HS Academy lesson is free to read.
Sign up free →