As digital transformation drives organisations to adopt cloud infrastructure and integrate it into their core business, the attack surface changes as well, leaving different attack vectors available for exploitation by attackers. The saying “the cloud is just someone else’s computer” falls somewhat short of describing the environment and its associated risks.
A cloud security assessment has many parallels to a traditional infrastructure assessment. While the manifestation of risks may be different, threats such as credential disclosure facilitating lateral movement and privilege escalation are as realistic on cloud infrastructure as they are on self-hosted infrastructure, with some nuance.