Subscribe to the Non-Human & AI Identity Journal

Cloud Assembly

A cloud assembly is the set of resources, configurations, identities, and dependencies that make an application function as a whole. In recovery planning, it is the practical unit that must be rebuilt together if the application is to come back in a working state.

Expanded Definition

A cloud assembly is the complete, working unit of an application in cloud recovery planning: infrastructure, configuration, service dependencies, identities, secrets, and policy controls that must be restored together. It is broader than an application stack because it includes the access paths that make the stack usable, not just the compute and storage layers.

In NHI and IAM terms, the concept matters because restoration often fails when teams rebuild resources without rebuilding the workload identity relationships that bind them. That means service accounts, federated trust, token issuance paths, and secret references can be as critical as the containers or virtual machines themselves. Definitions vary across vendors, especially where infrastructure-as-code, platform engineering, and disaster recovery overlap, so the safest interpretation is operational rather than purely architectural. For a governance lens, the NIST Cybersecurity Framework 2.0 is useful because it frames recovery as a business capability tied to resilience, not a one-time rebuild task.

The most common misapplication is treating the cloud assembly as a list of resources only, which occurs when identity bindings and secret dependencies are omitted from restoration runbooks.

Examples and Use Cases

Implementing cloud assembly recovery rigorously often introduces more orchestration complexity, requiring organisations to weigh faster service restoration against the cost of dependency mapping and identity rehydration.

  • A production API is restored after an outage by rebuilding its container cluster, database, IAM role bindings, and secret references together, rather than replaying infrastructure alone.
  • A platform team captures a full assembly template so a regional failure can be recovered with the same service mesh policies and workload identities intact.
  • During an audit, engineers trace why a restored service could not authenticate to downstream systems and discover that the application secret existed, but the identity trust chain did not.
  • Security responders use assembly-level documentation to determine whether an incident affected only one workload or the entire trust boundary supporting it, a pattern reflected in cases like the 230M AWS environment compromise.
  • Cloud teams validate that a recovery plan can recreate privileges safely after lessons from incidents such as the Snowflake breach, where access scope and identity controls were central to impact.

In practice, assembly thinking is also useful when reviewing secret handling failures like the Azure Key Vault privilege escalation exposure, because recovery depends on both the vault and the permissions around it.

Why It Matters for Security Teams

Cloud assembly is a resilience and governance concept, but it becomes a security issue the moment identity state is treated as optional. If a recovery process restores compute without restoring the correct privileges, token lifetimes, trust relationships, and secret rotation state, the result is a service that appears live but cannot safely operate. That creates pressure to relax controls during an outage, which is exactly when attackers exploit gaps. For security teams, the assembly view also improves blast-radius analysis because it shows which identities and dependencies are part of the same operational unit.

NHIMG research shows the scale of the identity problem behind this: 70% of organisations grant AI systems more access than a human employee performing the exact same job, and only 44% have implemented any policies to manage AI agents. Those findings matter here because cloud assemblies increasingly include autonomous tooling and agentic workflows that can rebuild, configure, or modify infrastructure. The same lessons map cleanly to the NIST Cybersecurity Framework 2.0, where recovery, access control, and continuous governance are tightly linked.

Organisations typically encounter the true importance of cloud assembly only after an outage or failed restoration, at which point missing identities and dependencies become operationally unavoidable to address.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0, NIST SP 800-63 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework Control / Reference Relevance
NIST CSF 2.0 RC.RP CSF defines recovery planning and restoration of services as a core resilience outcome.
NIST SP 800-63 Digital identity guidance helps distinguish human and workload authentication trust requirements.
OWASP Non-Human Identity Top 10 NHI-04 Cloud assemblies depend on non-human identities, secrets, and credential lifecycle hygiene.
NIST Zero Trust (SP 800-207) Zero Trust requires explicit verification of workload access, even during recovery operations.

Document cloud assemblies as recoverable service units and test rebuild procedures against recovery objectives.