Not all cloud services expose the same security risks. One of the biggest mistakes organizations make is applying a single threat model across IaaS, PaaS, and SaaS.
Each cloud service model shifts responsibility, trust boundaries, and attacker opportunities. This guide explains how to threat model IaaS, PaaS, and SaaS correctly using real-world cloud security patterns seen in US enterprises.
Why Cloud Service Models Change the Threat Landscape
The cloud operates on a shared responsibility model. As you move from IaaS to SaaS:
- Customer control decreases
- Provider responsibility increases
- Visibility into security controls is reduced
- Threat modeling focus must shift accordingly
Effective threat modeling starts by understanding what you control — and what you don’t.
Threat Modeling Infrastructure as a Service (IaaS)
IaaS provides maximum flexibility — and maximum risk exposure.
Common IaaS Platforms
- AWS EC2, VPC, IAM
- Azure Virtual Machines, VNets
- Google Compute Engine
Primary IaaS Attack Surfaces
- IAM roles and credentials
- Network security groups and firewalls
- Public-facing compute instances
- Storage services (S3, Blob, GCS)
High-Risk IaaS Threats
- Over-permissioned IAM roles
- Publicly exposed storage buckets
- Unpatched virtual machines
- Lateral movement between instances
Threat modeling focus: Identity abuse, network exposure, and misconfiguration.
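Three of the IaaS threats listed above (over-permissioned IAM roles, publicly exposed storage buckets, open network rules) can be checked mechanically during a threat-modeling review. The Python below is an added example, not part of the original guide; the sample policies, the security-group rules, the function names and the `ALLOWED_PUBLIC_PORTS` allow-list are constructed assumptions that follow the AWS policy JSON and `IpPermissions` shapes.

```python
# Constructed sample inputs (not from any real account).
ROLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::app-logs/*"},
    {"Effect": "Allow", "Action": ["iam:*", "ec2:RunInstances"], "Resource": "*"},
]}
BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::public-assets/*"},
]}
SG_INGRESS = [  # shaped like IpPermissions entries of a security group
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]
ALLOWED_PUBLIC_PORTS = {443}  # assumption: only HTTPS is meant to face the internet

def as_list(v):
    return v if isinstance(v, list) else [v]

def policy_findings(policy):
    """Flag Allow statements with service-wide actions on all resources, or an anonymous principal."""
    out = []
    for i, st in enumerate(as_list(policy["Statement"])):
        if st.get("Effect") != "Allow":
            continue
        wild = [a for a in as_list(st.get("Action", [])) if a == "*" or a.endswith(":*")]
        if wild and "*" in as_list(st.get("Resource", [])):
            out.append(f"statement {i}: over-permissioned ({', '.join(wild)} on *)")
        p = st.get("Principal")
        anon = p == "*" or (isinstance(p, dict) and "*" in as_list(p.get("AWS", [])))
        if anon and "Condition" not in st:
            out.append(f"statement {i}: anonymous principal without Condition")
    return out

def sg_findings(rules):
    """Flag IPv4 ingress open to 0.0.0.0/0 on any port outside the allow-list."""
    out = []
    for r in rules:
        open_world = any(ip.get("CidrIp") == "0.0.0.0/0" for ip in r.get("IpRanges", []))
        # Rules without port bounds (e.g. protocol "-1") are treated as all ports.
        ports = set(range(r.get("FromPort", 0), r.get("ToPort", 65535) + 1))
        if open_world and not ports <= ALLOWED_PUBLIC_PORTS:
            out.append(f"ports {r.get('FromPort')}-{r.get('ToPort')} open to 0.0.0.0/0")
    return out

if __name__ == "__main__":
    for f in policy_findings(ROLE_POLICY) + policy_findings(BUCKET_POLICY) + sg_findings(SG_INGRESS):
        print(f)
```

The check covers IPv4 ranges and identity or resource policies only; IPv6 ranges and account-level public access settings would need their own rules.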
Threat Modeling Platform as a Service (PaaS)
PaaS reduces operational overhead but introduces new risks through abstraction.
Common PaaS Services
- AWS Lambda, RDS, API Gateway
- Azure App Services, Functions
- Google Cloud Functions, Cloud Run
Primary PaaS Attack Surfaces
- APIs and event triggers
- Service-to-service authentication
- Secrets and environment variables
- Third-party integrations
High-Risk PaaS Threats
- API abuse and broken authentication
- Serverless privilege escalation
- Injection attacks via event payloads
- Exposed secrets in code or configuration
Threat modeling focus: APIs, identity propagation, and business logic abuse.
Threat Modeling Software as a Service (SaaS)
SaaS offers the least control but still carries significant security responsibility.
Common SaaS Examples
- CRM, ERP, HR platforms
- Cloud collaboration tools
- AI-powered SaaS applications
Primary SaaS Attack Surfaces
- User identities and access controls
- OAuth and SSO integrations
- Misconfigured tenant settings
- Exposed APIs and webhooks
High-Risk SaaS Threats
- Account takeover
- Excessive user permissions
- Data leakage between tenants
- Third-party app abuse
Threat modeling focus: Identity governance, access review, and data exposure.
Comparing Threat Modeling Focus Across Service Models
| Cloud Model | Main Threat Focus | Primary Risks |
|---|---|---|
| IaaS | Infrastructure & IAM | Misconfigurations, lateral movement |
| PaaS | APIs & Identity Flow | API abuse, privilege escalation |
| SaaS | Users & Data | Account takeover, data leakage |
Common Mistakes in Cloud Service Threat Modeling
- Using IaaS threat models for SaaS platforms
- Ignoring provider-managed security controls
- Failing to reassess risks when service models change
- Overlooking third-party integrations
Practical Takeaways
- Threat modeling must adapt to the cloud service model
- IAM is the dominant attack path across all models
- PaaS and SaaS demand stronger API and identity analysis
- Shared responsibility defines threat modeling scope