Computer Science · 12th Grade

Active learning ideas

Cloud Computing Security

Active learning works especially well for cloud computing security because students need to experience the gaps between provider promises and customer obligations. Hands-on activities let them see how a misconfigured firewall or an open storage bucket can expose data, even when the cloud provider is fully compliant.

Common Core State Standards · CSTA: 3B-NI-04 · CCSS.ELA-LITERACY.RST.11-12.7
30–50 min · Pairs → Whole Class · 3 activities

Activity 01

Jigsaw · 45 min · Small Groups

Jigsaw: IaaS, PaaS, and SaaS Security Profiles

Divide students into three expert groups, each researching the shared responsibility model for one cloud service type using a provided article and diagram. After 15 minutes of expert-group work, students reorganize into mixed groups containing one expert from each type. Each expert teaches their model, and the mixed group maps responsibilities onto a shared chart, identifying where security gaps commonly occur.

Analyze the shared responsibility model in cloud security.

Facilitation Tip: During the Jigsaw, assign each expert group a single cloud model and require them to prepare a two-minute mini-lecture with one real-world breach example to anchor their security profile.

What to look for: Provide students with a scenario: 'A small e-commerce business is moving its website to a PaaS cloud environment.' Ask them to list two security tasks the cloud provider is responsible for and two tasks the business is responsible for.

Understand · Analyze · Evaluate · Relationship Skills · Self-Management
Activity 02

Case Study Analysis · 50 min · Pairs

Design Sprint: Migrate an App to the Cloud

Pairs receive a brief description of a small web application handling student health records. They must design a cloud migration plan that addresses: identity and access management, data encryption at rest and in transit, logging and monitoring, and incident response. Pairs present a one-page security plan to another pair for critique before the class discusses common patterns and gaps.

Differentiate between various cloud deployment models (IaaS, PaaS, SaaS) and their security implications.

Facilitation Tip: When running the Design Sprint, give teams exactly 20 minutes to sketch a threat model before they begin their migration diagram, forcing them to surface security concerns up front.

What to look for: Pose the question: 'Imagine you are designing a cloud security strategy for a new social media application. What are the top three security concerns you would address first, and why?' Facilitate a class discussion comparing student approaches.

Analyze · Evaluate · Create · Decision-Making · Self-Management
Activity 03

Think-Pair-Share · 30 min · Pairs

Think-Pair-Share: When Cloud Goes Wrong

Students individually read a short summary of a real cloud misconfiguration breach (e.g., exposed S3 bucket). They identify which layer of the shared responsibility model failed and who was accountable. Pairs compare interpretations, then the whole class builds a matrix of breach types mapped to responsibility layers.

Design a basic security strategy for migrating an application to the cloud.

Facilitation Tip: For the Think-Pair-Share, provide a deliberately incomplete incident report so pairs must identify missing details about the cloud provider’s shared responsibility before sharing with the class.

What to look for: Present students with a list of security responsibilities (e.g., patching the OS, encrypting data at rest, managing firewall rules, securing physical data centers). Have them categorize each item as 'Provider Responsibility' or 'Customer Responsibility' for IaaS, PaaS, and SaaS models.

Understand · Apply · Analyze · Self-Awareness · Relationship Skills
A few notes on teaching this unit

Start by modeling a quick cloud setup yourself so students see how easily defaults can be insecure. Then transition to co-constructing a shared responsibility chart on the board; research shows students retain shared-responsibility concepts better when they build the model collaboratively rather than receive it as a slide. Avoid spending more than 15 minutes on lecture—move immediately into activities where students apply the model.

By the end of these activities, students will clearly distinguish provider duties from customer duties, cite concrete examples of cloud breaches linked to misconfiguration, and propose secure configurations for IaaS, PaaS, and SaaS deployments.


Watch Out for These Misconceptions

  • During Jigsaw: IaaS, PaaS, and SaaS Security Profiles, watch for students who claim providers handle all security once workloads are in the cloud.

    Use the expert group charts to guide students back to the shared responsibility model; challenge them to place each security control on the correct side of the model and cite provider documentation to verify.

  • During Design Sprint: Migrate an App to the Cloud, watch for students who assume default cloud settings are secure.

    Have teams present their security checklists alongside their migration diagrams and ask peers to identify any default settings still in place.

  • During Think-Pair-Share: When Cloud Goes Wrong, watch for students who blame the cloud provider for breaches without examining customer configuration.

    Use the incident reports to prompt pairs to label every control as provider or customer, then ask them to explain how a different configuration could have prevented the breach.


Methods used in this brief