Chapter Thirteen · Securing the Cloud

Cloud and Modern Infrastructure Security

Meridian runs in the cloud, and the intruder's easiest wins there aren't exotic exploits — they're misconfigurations: a public bucket, an over-privileged role, an exposed metadata endpoint. This chapter secures Meridian's cloud account and containers, kept vendor-neutral so the principles transfer to any provider.

5 topics

The cloud does not make security someone else's problem — it splits it, and the customer's half is where nearly every reported cloud breach happens. Those breaches are rarely exotic exploits; they are misconfigurations: a storage bucket left public, a role granted far more than it needs, a metadata endpoint an SSRF can reach. This chapter secures Meridian's cloud the way the data says it actually gets attacked.

Five topics, kept vendor-neutral so the principles transfer to any provider: the shared responsibility model, cloud IAM and misconfiguration, container and Kubernetes security, data protection and secrets, and the attack paths that chain misconfigurations to admin. It builds on the identity (Chapter 3), network (Chapter 4), and web (Chapter 6) foundations rather than repeating them.

Where cloud breaches actually happen — the customer side
Identity & access
over-privilege · leaked keys
Configuration
public storage · open access
Data & secrets
encryption · KMS · metadata

Topics in This Chapter