The inevitable risks and best defense for cloud cybersecurity

An abstract image of digital security.
(Image credit: Shutterstock) (Image credit: Shutterstock)

Most businesses, regardless of size, now understand the potential value of the cloud. We’re beyond that stage of early skepticism in which technology decision-makers questioned whether cloud services would factor significantly into corporate operations. Wholesale adoption is now underway and has been for years.

And why not? The benefits of the cloud are obvious. The ability to access cloud-hosted applications and services from anywhere, store and recall data and content without regard to physical data center limitations such as capacity and aging hardware, and grow or shrink infrastructure elastically to meet the changing needs of your business is invaluable. As a complementary part of your overall IT strategy, the cloud can definitely accelerate your corporate growth and help achieve your goals and desired business outcomes.

Danger, unfortunately, still lurks within the cloud for the unwary. All the attributes that make the cloud so convenient and efficient—such as ease of access and decentralization of IT services and data—create the very conditions for risk in the form of security breaches. As more companies embrace public cloud resources and hybrid cloud infrastructures (as opposed to traditional on-premises IT infrastructure) and begin to push more of their workloads and data (especially sensitive data) into these environments, we are witnessing a steady increase in companies experiencing cloud security breaches. The reality for every company embracing cloud is that a cybersecurity incident will eventually occur—it’s just a matter of when.

Trevor Morgan

VP of Product, OpenDrives.

Inevitable security breaches

The inevitability that your business will encounter a security breach, whether through inadvertent carelessness or perhaps through a threat actor’s concentrated efforts, is sobering. The host of problems stemming from such a situation includes legal ramifications, potential governmental sanctions, and most certainly brand reputational damage. Most sources agree that a single security breach can cost your organization millions of wasted dollars, not to mention the fact that it will defocus your organization and alarm your customer base (many of whom might have sensitive personally identifiable information (PII) somewhere in your data ecosystem).

You might have the impression that all your cloud data is highly secure no matter what, especially when you’re leveraging public cloud services that tout rock-solid security measures. Go ahead and rethink any self-assurances or complacency about your cloud security posture. The potential problems are manifold: most security measures in cloud environments must be consciously deployed and configured properly; well-trained (and expensive) professionals must remain alert and monitor cloud environments regularly; and your entire organization must participate in a culture of safe cyber-activity in order to thwart the efforts of hackers employing not only technical acumen but social engineering trickery to find cracks in the armor.

Don’t get me wrong—this is not a scare tactic convincing you to lose faith in your push to the cloud. Quite the contrary! With proper planning and some deliberate and persistent vigilance within your organization, you can confidently rely on your cloud-based IT infrastructure and cloud data services. And, just know that you’re not in the fight alone!

The major web service providers understand the problems and threats just as intimately as any organization can, and they’re trying to stay one step ahead of bad actors. With the mainstream adoption of automation in the form of machine learning (ML) and artificial intelligence (AI), these companies are merging next-generation machine intelligence with standard cloud-based operations and workloads to detect anomalies and potential threats to their customers like you, without your direct intervention.

Taking cybersecurity problems seriously

One way to see how major cloud providers are taking the cybersecurity problem seriously is to view the types of intellectual property patents they file. For example, a patent filed by a subsidiary of Microsoft details the method by which machine intelligence can automatically monitor API transactions and detect anomalous requests in the form of mismatched cloud providers. This might indicate a mounting and intentional threat. On top of using automated machine intelligence to monitor and detect these kinds of situations on a massive scale, the patent details mitigation and remediation efforts in the form of data sharing between cooperative cloud providers. All good measures!

Evolving tech like this helps cloud services providers—and their customers—move closer to a Zero Trust posture in which no request or transaction is assumed legitimate, and instead enforces multiple or many challenges before allowing access to data or services to avoid the dangers of implicit trust. Obviously, maneuvers such as these would be done at the service provider level and wouldn’t necessarily involve intervention from customers or their employees. That doesn’t mean, though, that you should rely solely on the methods that your cloud services provider implements in order to keep your IT infrastructure (and all that potentially sensitive data) safe.

With a deliberate effort to build your organization’s cybersecurity consciousness, you can improve your chances of delaying that event I claimed earlier in this piece was inevitable. While these tactics may seem simple, they go a long way toward closing potential security holes and certainly complement the tech that your cloud services provider no doubt is in the process of deploying to keep you and all those other customers secure:

Don’t be fooled into complacency by relying solely on traditional perimeter security such as firewalls, perimeter monitoring, and intrusion detection. Cloud environments are incredibly distributed so even knowing the extent of your perimeter becomes challenging.

Data-centric security

Consider more data-centric security such as format-preserving encryption or tokenization, especially when you house PII or other highly sensitive information. Data nowadays is rarely at rest, and you want data security that can travel with it.

If your organization has embraced DevOps, make sure you include the Sec in there to form DevSecOps. Data security shouldn’t be an overlay once most of the development is complete—move security up front to the planning phase to ensure it’s built right in.

Encourage a culture of security among all your employees. Never let them forget that all it takes is one oversight for threat actors to pounce. Talk openly about times when you almost feel for that social engineering trick, and keep those lessons learned alive for all to see.

Prioritizing data security, integrating DevSecOps practices, and fostering a security-conscious culture among employees are crucial steps toward safeguarding sensitive information in today's dynamic digital landscape. By proactively addressing security at every stage, organizations can mitigate risks and uphold the integrity of their data assets–and reputation–in the face of evolving cyber threats. So when it comes to data security, remember: prevention is always better than a cure.

We've listed the best cloud optimization service.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Trevor Morgan, Ph.D. , VP of Product, OpenDrives.

Read more
Security padlock in circuit board, digital encryption concept
A guide to integrating application security into any cyber defense strategy
Hack The Box crisis simulation event
“Everyone will experience a hack” - how incident response can protect your organization
A digital representation of a lock
Exploits on the rise: How defenders can combat sophisticated threat actors
Cloud computing graphics.
Sovereign Cloud: redefining the future of secure digital innovation
An image of network security icons for a network encircling a digital blue earth.
Why effective cybersecurity is a team effort
Abstract image of cyber security in action.
It’s time to catch up with cyber attackers
Latest in Pro
An image of network security icons for a network encircling a digital blue earth.
Why multi-CDNs are going to shake up 2025
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Millwall FC The Den
The UK's first football club mobile network is here - but you probably won't guess which team has launched it
A person using a smartphone with a cybersecurity lock symbol appearing over it.
The growing threat of device code phishing and how to defend against It
Cybersecurity
Why OT security needs exposure management to break the cycle of endless patching
Latest in News
Microsoft Surface Laptop and Surface Pro devices on a table.
Hate Windows 11’s search? Microsoft is fixing it with AI, and that almost makes me want to buy a Copilot+ PC
Oura Ring 4
Activity tracking on Oura Ring is about to get a whole lot better, but I've got bad news about your step count
Google Maps on a phone being held in someone's hand
Google Maps is getting two key upgrades, for easier route planning and quicker access to Gemini AI
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Gemini on a smartphone.
Gemini 2.5 is now available for Advanced users and it seriously improves Google’s AI reasoning
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025