Security Professionals are comfortable reasoning about the security posture of systems within the framework of the OSI model.
We classify attacks as network based or application based each with their own set of understood preconditions or rules.
Enter ‘The Cloud’ or I as like to think about it, platforms in other people’s datacenters.
The Cloud API Platforms are used by a new breed of operations teams to define network or application systems in code.
It’s on the Cloud API Platform that a new attack surface has opened and it plays by none of the old rules.