Analyze each part of your workflow and consider what could go wrong. Use an industry-standard methodology to classify the identified threats.
Threat modeling helps you find and fix security threats before they become real problems. Analyzing your workload helps you put together a report that shows which attack paths are the most serious and helps you quickly find weak spots.
Contoso’s challenge
- Even though they haven’t had a security problem yet, the workload team doesn’t have a clear way to check if all possible threats are covered by their current security setup.
- They realize that there’s a gap in their security, and if something goes wrong, they might not be ready.
Applying the approach and outcomes
- The team brings in a security consulting specialist to learn how to do threat modeling.
- After their first exercise, they find that they have well-designed controls for most threat vectors, but there are some gaps:
- One problem was in a data cleanup task that runs after Apache Spark jobs. It had two insider threat risks for data leaks.
- An old system used by a race team that’s no longer active still had access to sensitive race data.
- They’ve scheduled fixes for the next development cycle, including shutting down the old system.
Leave a Reply