Identity paths
Who can assume, escalate, access, or impact critical resources.
Network paths
What is reachable from the internet, workloads, and internal paths.
Data paths
How exposure can reach sensitive data stores and crown jewels.
Why attack paths matter
Cloud findings are rarely dangerous in isolation. Real exposure emerges when identities, workload access, network reachability, and sensitive data connect. Cloudryption models these connections so teams can see paths to impact rather than disconnected issues.
Path types Cloudryption models
- External exposure paths from internet-facing assets into workloads or services.
- Identity paths involving excessive permissions, assumable roles, service accounts, and privilege escalation.
- Workload paths where compute, containers, serverless functions, or images can reach critical services.
- Data paths where misconfiguration, permissions, or network access expose sensitive stores.
- Crown-jewel paths that show how critical systems become reachable through chained weaknesses.
How CID scores paths
CID evaluates each path based on source exposure, required privilege, exploitability, relationship confidence, data sensitivity, asset criticality, and remediation leverage. The goal is not only to show that a path exists, but to rank which paths deserve immediate attention.
Outputs for different teams
| Audience | What they receive |
|---|---|
| Security engineering | Detailed path nodes, edges, findings, and remediation evidence. |
| Cloud platform teams | Specific cloud resources, identities, and configuration changes to validate. |
| Executives | Business-level narrative showing crown-jewel reachability and risk reduction progress. |
See Cloudryption in your environment
Request a focused walkthrough and validate the decision model against realistic cloud security scenarios.