Due to the scalability of resources and performance, as well as improved maintainability it is apparent that cloud computing will eventually reach IT services that are operating critical infrastructures. Since IT infrastructures have become an integral part of almost all organisations, cloud computing will have a significant impact on them. Protecting sensitive critical infrastructure data in the cloud environment is the explicit focus of our work. The scale and dynamic nature of cloud computing cause challenges for their management, including investigating malicious activity and/or policy failure. Sufficient security metrics needs to ensure the confidentiality, integrity, and availability of the data on the cloud. Hosting critical infrastructure services in the cloud brings with it security and resilience requirements that existing cloud services are not well placed to address. Gaining a deeper understanding of the infrastructure security needs is of utmost importance as there is currently a paradigm shift in assessing the extent of risks and protecting against zero‐day vulnerabilities. Multiple intrusion detection activities have been introduced to address the issue of intrusion detection within cloud computing environments. Our research aims to develop a framework for the protection of critical infrastructure data in the cloud computing environment. We aim to develop a model that can be tailored to the different cloud environments, creating anomaly based intrusion detection techniques tailored to the specialist nature of the cloud computing environment. Our framework should provide monitoring of the network and have an improved detection efficiency based on the efforts in literature. It will be composed of network‐based IDS, with a distributed architecture so that there is no single point of failure.