Lesson 1 · Cloud security fundamentals

Why cloud security is a different game

8-minute read · beginner

HorizonShield lesson workspace with guided course material and analyst notes
Lesson content is rendered from the Academy CMS and keeps its previous/next course flow.
HS AcademyCloud security fundamentalsLesson 1beginner

Cloud security is not a new flavor of network security — it is a different model with different failure shapes. This lesson sets the frame for everything that follows.

What changes when workloads move to the cloud

  • The provider runs the metal and the hypervisor; you run everything above the operating system
  • Most attack paths now run through identity and configuration, not packet-level network access
  • Resources are created and destroyed by code, often hundreds of times per day
  • Audit trails are richer and more centralized — but only if you turn them on

What stays the same

The fundamentals do not move. You still need least privilege, you still need to know what you have, you still need to monitor the things that matter, and you still need a rehearsed response plan.

Common early mistakes

  • Treating the provider's default settings as "secure"
  • Assuming the on-prem firewall ruleset can be ported one-for-one
  • Trusting environment names like "dev" to imply isolation
  • Skipping the principle of least privilege because "it's just internal"

Takeaway

Approach cloud security as a fresh design problem. The instincts you bring from on-prem are useful but not sufficient. The next nine lessons build the missing instincts.

Free lesson

This is the first lesson of the track. Every HS Academy lesson is free to read.

Sign up free →
← All lessons in Cloud security fundamentals