Cloud Computing Class Activity Report
Topic: Cloud Architecture – Risk Prediction and Prevention Strategies
Date: May 12, 2025
Instructor: Srinidhi Kulkarni V
In the cloud computing class, we engaged in an insightful and collaborative activity focused on exploring the concept of cloud architecture from a security perspective. The activity was structured to encourage each student to present their unique ideas on how a cloud environment should be structured and operated. Based on these ideas, students analyzed the architecture they envisioned and predicted the potential security risks associated with their design choices.
This hands-on, peer-driven approach allowed us not only to reflect on the flexibility of cloud models but also to critically assess the inherent threats and brainstorm real-world mitigation strategies, much as a Cloud Security Architect would in industry.
– To encourage each student to think independently and creatively about designing a cloud architecture.
– To collaboratively predict the possible risks and vulnerabilities in various cloud setups.
– To explore preventive strategies and modern security tools applicable in real-world cloud deployments.
– To understand threat vectors such as Identity-Based Attacks, Supply Chain Compromise, and Infrastructure-as-Code (IaC) Misconfigurations.
Each student, or group of students, was asked to:
1. Propose their own cloud architecture using public, private, or hybrid cloud models.
2. Identify key components (e.g., authentication systems, CI/CD pipelines, storage buckets, compute resources).
3. Analyze and predict cloud security risks their architecture might be exposed to.
4. Suggest practical mitigation tools and strategies that could be applied to prevent these risks.

– Architecture Components: Lambda functions, API Gateway, S3 bucket, DynamoDB.
– Predicted Risks: Identity-Based Attacks (e.g., unauthorized API access via stolen tokens), public exposure of storage buckets.
– Preventive Measures: Enforce IAM least privilege policies, S3 bucket policies, AWS IAM Access Analyzer, MFA with Conditional Access.

– Architecture Components: Self-hosted K8s, Docker containers, CI/CD via GitHub Actions.
– Predicted Risks: Supply Chain Compromise (e.g., infected container images, malicious code injections).
– Preventive Measures: Use Trivy, harden pipelines, GitHub Advanced Security, secrets scanning.

– Architecture Components: Azure + On-Premises, automated provisioning via Terraform.
– Predicted Risks: IaC Misconfigurations (e.g., open ports, excessive IAM roles).
– Preventive Measures: Static analysis with tfsec and Checkov, secrets scanning, Policy-as-Code with OPA.

Students explored and discussed:
– Identity Security: Microsoft Defender for Cloud, Azure AD Conditional Access, Okta.
– IaC & CI/CD Security: Checkov, tfsec, Snyk, Trivy, GitHub Actions, OPA.
– Supply Chain Hardening: SBOM, Sigstore, secrets management.
– Monitoring & Compliance: AWS Config, Azure Policy, Sentinel, Splunk.
Key takeaways included:
– Every cloud design presents unique risks.
– Identity remains the most targeted layer.
– Supply chains require preemptive scanning and validation.
– Misconfigurations are common but avoidable with automation.
– Defense-in-depth and continuous visibility are critical.
This class activity offered an engaging opportunity to analyze cloud security risks through the lens of self-created architectures. By predicting potential threats and evaluating real-world mitigation strategies, students built a practical understanding of cloud security. The activity helped bridge theory with industry best practices and encouraged proactive, secure-by-design thinking.
Copyright © 2024 Jyothy Institute of Technology