Securing the Cloud: Defenses for Modern Threats

Authors

  • Jehanzaib Jamil, Accenture, Riyadh, Saudi Arabia

DOI:

https://doi.org/10.54536/ajiri.v4i4.6018

Keywords:

CIEM, Cloud Security, CSPM, Data Loss Prevention, Egress Control, Kubernetes Security, Runtime Detection, Software Supply Chain, Tokenisation, Zero Trust

Abstract

Cloud adoption across IaaS, PaaS, containers, serverless, and SaaS has widened the attack surface, shifting risk toward identity misuse, misconfiguration, supply chain weaknesses, and data exfiltration; perimeter-only controls no longer suffice. This paper presents a compact threat-to-defence taxonomy for modern cloud environments, grounded in 2020+ evidence and mapped to practical controls. It is a narrative review of peer-reviewed studies, standards, and agency guidance from 2020 onward, with clearly labelled grey literature; threat, defence, control mapping, metrics, and caveats were extracted and then synthesised into four defence families. Across sources, identity-first controls with least privilege, short-lived credentials, and CIEM reduce blast radius; CSPM and policy as code curb public exposures and drift; image signing, admission policies, and tuned runtime detection improve container security; egress allow-lists, tokenisation, and immutable backups constrain data loss, provided rollout is centralised and automated to limit friction and false positives. A targeted set of identity-first, posture, runtime, and data or egress controls provides long-term risk reduction while outperforming tool complexity.

Published

2025-12-10

How to Cite

Jamil, J. (2025). Securing the Cloud: Defenses for Modern Threats. American Journal of Interdisciplinary Research and Innovation, 4(4), 17-28. https://doi.org/10.54536/ajiri.v4i4.6018
