Bridging the Gap: Cloud Native Threat Modelling as a Business Enabler


Author: Francesco Beltramini, Head of Technical Solutions, ControlPlane
Bio: Francesco is a Security Professional with 15 years of work experience and deep technical competence developed on a number of high-end projects for both public and private sector organisations. Francesco has worked on a variety of technology stacks, designing and implementing complex security architectures in both the IT and OT spaces, from Cloud to mission-critical/safety-critical/high-assurance infrastructure. Francesco has recently developed a strong interest in business development, particularly in shaping service offerings and product strategy to drive innovation and market growth.


Understanding Cloud Native Threat Modelling

Cloud native threat modelling is a systematic approach to identifying, assessing, and mitigating security risks in modern cloud environments. Unlike traditional threat modelling, which focuses on static, well-defined infrastructure, cloud native threat modelling must account for the highly dynamic, distributed, and ephemeral nature of cloud systems. This shift demands new methodologies to tackle evolving security challenges effectively.

Many organisations struggle with cloud native security due to the rapid evolution of technology, a widening skills gap, observability challenges, and the need to manage volatility at scale. By embedding threat modelling into cloud security strategies, organisations can better prioritise risk mitigation, align remediation efforts with business objectives, and ensure that their technology roadmap supports business resilience and security.

Threat modelling applies across a broad range of cloud native systems, including Kubernetes clusters, containerised workloads, and CI/CD pipelines, as well as modern systems and platforms such as AI/ML workflows. Beyond identifying security weaknesses, threat modelling provides structured guidance for securely architecting, provisioning, and deploying cloud native environments.

Business Outcomes: Translating Security into Value

A well-executed threat modelling process delivers key business outcomes that go beyond security improvements. It enables organisations to:

  • Validate Security Assumptions: Uncover hidden risks and challenge implicit assumptions to ensure security decisions are based on data
  • Identify Threat Actors and Attack Vectors: Analyse potential adversaries, whether external attackers, insider threats, or accidental risks, to design targeted security controls
  • Define Critical Threat Objects: Clearly identify what needs protection — whether applications, sensitive data, or intellectual property — to prioritise security investments effectively
  • Prioritise Remediation Efforts: Categorise threats by severity and exploitability, ensuring that selected security controls are focused on mitigating the most impactful risks

Aligning Threat Modelling with Business Strategy

By taking a structured, risk-based approach, every organisation can align security initiatives with business goals, improving overall resilience and reducing exposure to cyber threats. Cloud native threat modelling is not just a technical exercise — it serves as a bridge between security teams and business decision-makers. When integrated into enterprise risk management, it enables organisations to:

  • Maintain a strategic perspective while addressing tactical risks
  • Ensure compliance with regulatory frameworks such as NIST, ISO 27001, and SOC 2
  • Improve communication between technical teams and leadership by translating security risks into business impacts
  • Prioritise security investments based on real-world risk exposure

By embedding threat modelling into broader business risk management, organisations can ensure that security efforts support operational goals and drive long-term resilience.

Leveraging Open Source Tooling and Initiatives for Remediation

Threat modelling helps identify security risks and informs the selection of appropriate security controls to mitigate them. Once risks are assessed, controls can be derived to reduce exposure and improve the security posture of cloud native environments. The Linux Foundation and open source initiatives provide a rich ecosystem of tools and frameworks to implement these controls effectively.

For example, threat modelling may reveal risks related to runtime security, policy enforcement, observability, or software supply chain integrity. Open source projects and CNCF-backed initiatives offer practical solutions to implement necessary controls, ensuring security best practices are embedded within cloud native architectures. These initiatives also provide community-driven frameworks, guidelines, and security blueprints that help organisations align their remediation efforts with industry standards.

Additionally, the CNCF and the eBPF Foundation have sponsored the development of end-user threat models for several graduated projects. These models serve as valuable resources for organisations looking to adopt cloud native technologies in a risk-driven and secure manner, implementing security best practices and mitigating key risks from the outset.

By integrating these resources into an actual remediation roadmap, organisations can systematically apply security controls, enhance visibility into risks, and drive continuous security improvements. Leveraging open source solutions also ensures security efforts remain adaptable to the evolving cloud native landscape while benefiting from the collective knowledge of the wider community.

Conclusion: Security as a Business Enabler

Cloud native threat modelling is more than just a security exercise — it is a critical business enabler. By systematically identifying and mitigating risks, organisations make informed decisions that strengthen security posture while aligning with long-term business objectives. Whether securing CI/CD pipelines, Kubernetes environments, AI/ML workflows, or GitOps-driven deployments, structured threat modelling is essential for resilient, future-proof cloud native architectures.

Getting Started

Start integrating threat modelling into your security strategy today. Leverage open source tools, CNCF initiatives, and community best practices to build a robust, risk-driven security roadmap.

See you at KubeCon EU 2025, and be sure to visit the CNCF project booths to learn from real-world implementations, explore security best practices, and discover how open source solutions can help de-risk your cloud native journey.
