Reliance on cloud technologies has significantly expanded the attack surface, exposing organisations to increasing cyber risks. Recent research from Illumio found that nearly half of all data breaches now originate in the cloud, highlighting the critical gap in security measures organisations often rely on when it comes to securing cloud-based resources.
While storing more sensitive data and running more crucial applications in the cloud naturally means an increased risk of breaches, when prepared for accordingly, it doesn’t necessarily mean more critical business assets lost. With the cloud being an inescapable necessity, this much is clear: cloud risk must be equated to business risk. And it must be accounted for accordingly. Because not only do cloud breaches bring with them harsh financial losses for organisations, as cloud-based attacks increase in frequency and severity, they also represent severe reputational damage and trust erosion.
The need for a robust, dynamic security strategy is evident now more than ever. And Zero Trust Segmentation (ZTS), rooted in the Zero Trust principle of “never trust, always verify,” is emerging as a key solution. It offers a granular, adaptable approach to security, aligning with the cloud’s diverse and distributed nature, offering a promising path forward for organisations looking to secure and get the most ROI out of endangered cloud operations.
What are the leading concerns in cloud security today?
To get a sense of the current state of play in cloud security, Illumio commissioned Vanson Bourne to survey 1,600 IT security decision-makers from organisations around the world.
Our research revealed a concerning trend: 46 per cent of breaches reported in the US originated in the cloud, with 61 per cent of affected organisations losing over $500,000 annually to cloud breaches. The frequency of breaches and the size of that price tag underscores the financial and operational risks inherent in inadequate cloud security.
However, as steep as the cost of a cloud breach can be, there are many other far-reaching impacts. The top consequences of cloud breaches, as reported by affected companies, include reputational damage, sensitive data loss, and a decrease in productivity. And organisations recognise that these issues can persist long after the breach itself is resolved and operations restored.
Many organisations have come to realise that reputational damage can be more harmful (and longer lasting) than the immediate financial impact of a breach. This sentiment particularly holds true among UK companies, where only 29 per cent listed the loss of revenue generation as a primary issue, against a global average of 35 per cent. Instead, nearly half listed reputational damage as their main cloud breach concern.
While IT and security leaders are increasingly worried about the risk of a cloud breach, a growing number are also realising that their mainstay traditional security tools are no longer up to the task.
Why are traditional security tools falling short?
Many companies complete their initial cloud migration by wholesale copying their digital assets from their on-premises hardware, including the same security processes and tools. While faster and easier to budget, this approach is a security breach waiting to happen. The dynamic and interconnected nature of the cloud is a very different proposition to a more static and controllable in-house server, and it’s evident that traditional tools and processes can’t keep up.
Despite 55 per cent of IT decision-makers claiming a thorough understanding of their organisation’s cloud security risks, 61 per cent acknowledge that their current security measures are inadequate at addressing these risks, leaving their business severely exposed.
Respondents almost universally told us they needed better visibility into connectivity between resources and faster reaction times to cloud breaches. At present, less than half had full visibility into the connectivity of their cloud services, making the interplay between cloud and on-premises environments a chief concern.
Notably, less than a quarter of respondents consider themselves highly confident in their ability to stop breaches from spreading across hybrid and multi-cloud environments. This poses a big problem, as weak access controls can enable attackers to rapidly move though an environment and access critical data and systems – turning a minor breach into a business catastrophe if rendered uncontained and unchecked.
These issues make it clear organisations must prioritise moving beyond traditional detective security methods and adopt more proactive, real-time solutions to safeguard cloud environments effectively.
The necessity of Zero Trust Segmentation in cloud security
Zero Trust Segmentation (ZTS) is one of the critical solutions in addressing the gaps posed by traditional cloud security solutions. Almost all of the respondents in our research believe ZTS can significantly enhance cloud security.
ZTS is a core technological component of the Zero Trust framework, which advocates for a “never trust, always verify” approach to cybersecurity. ZTS offers a consistent method for segmentation or containment across various environments, including across cloud, endpoints, and data centres. Communications and access controls can be as granular as the organisation requires, even down to the cloud resource level – while easy to implement and automatically enforce.
Effective segmentation, when implemented properly, has the effect of locking down IT infrastructure against attackers. Faced with strict access controls, intruders and malware are trapped in the initial breach point, greatly reducing the ‘blast radius’ of the attack and enabling affected organisations to continue business-critical operations even while under an active attack.
How ZTS is delivering enhanced cloud resilience
Segmentation has become an essential strategy for a secure cloud, with 93 per cent of IT security leaders believing it to be critical in securing cloud-based projects. In fact, 100 per cent of the businesses in our study that have implemented ZTS or another form of microsegmentation have seen improvements to their security capabilities.
Implementing ZTS not only enhances an organisation’s security posture but also contributes greatly to building digital resilience and ensuring business continuity. With more businesses realising that reputation and confidence are the real stakes in a security incident, ZTS offers the highest chance of maintaining customer trust and ensuring organisational integrity even in the evitable event of a breach.
The evolving landscape of cloud security demands a strategic shift towards more resilient and dynamic solutions. And organisations adopting ZTS are proven to significantly mitigate the many risks they face in the cloud, safeguard sensitive data, and maintain operational integrity. Embracing proactive measures like these are essential for any company relying on the cloud today. But more than a security strategy, it’s a commitment to maintaining a secure, resilient, and trusted digital presence.
Raghu Nandakumara is Head of Industry Solutions at Illumio, where he is responsible for helping customers and prospects across a variety of industries build resilience and accelerate zero-trust outcomes with zero-trust segmentation. Previously, Raghu spent 15 years at Citibank, where he held a number of network security operations and engineering roles. Most recently, he served as a senior vice president, where he was responsible for defining strategy, engineering, and delivery of solutions to secure Citi's private, public, and hybrid cloud environments.