Cloud Environment Advice for Cloud Security Day

0

Today, we rely more than ever on cloud technology for storage, collaboration and scalability. While this technology can increase convenience, it also has an ever-present security challenge. In 2022, Venafi found that 81% of organizations experienced a cloud-related security incident. With global cloud security growth projected to increase $40 billion in 2023 to $70 billion by 2028, Cloud Security Day is a crucial reminder of the importance of safeguarding data, applications, and infrastructure in an era of growing cyber threats.

This annual event brings together security experts, industry leaders and technology professionals to discuss best practices, emerging threats, and innovative solutions to protect cloud environments. Let’s see what they have to say.

Implement Just-in-Time Access

For managing privileged access, I adhere to Just-in-Time access. No one, including myself, receives permanent admin rights. We log every session and stream it to Sentinel, ensuring full visibility and accountability.

Building a culture of security requires more than checklists. I incorporate security into every team discussion, even outside of engineering. When people understand how their role relates to risk, they’re far more likely to care and take early action.

Nirmal Gyanwali, Founder & CMO, WP Creative

Build A Culture of Security

One major threat in cloud environments is misconfiguration, which can expose sensitive data and create vulnerabilities across multi-cloud and hybrid setups. To address this, I recommend adopting a zero trust approach alongside automated configuration management and continuous monitoring using cloud-native tools such as AWS Security Hub, Azure Security Center, and Google Chronicle. For example, by automating configuration audits and enforcing strict identity and access management (IAM) policies–including the principle of least privilege and multi-factor authentication–you can effectively manage privileged access and reduce the risk of human error.

Additionally, building a culture of security is essential. This involves regular training sessions for both technical and non-technical teams, clear communication of security responsibilities, and comprehensive risk assessments for third-party vendors. By integrating these practices, organizations can create a resilient cloud security posture that not only addresses current threats but also adapts to evolving risks.

Shehar Yar, CEO, Software House

Inadequate Compliance Documentation Is a Threat

In government contracting, I’ve discovered that the most significant cloud security threat is actually inadequate compliance documentation and monitoring of third-party access. When assisting my clients in achieving FedRAMP certification, I consistently emphasize implementing automated compliance monitoring tools such as AWS Config or Azure Policy. These tools are combined with strict access controls that track every user interaction with sensitive data. This approach has saved several of our clients from potential security breaches during federal audits.

Josh Ladick, President, GSA Focus

Consistent Policy Enforcement Is Key

From my experience building SaaS products, securing multi-cloud environments comes down to consistent policy enforcement across platforms. We learned this the hard way after a security incident spanning our AWS and Azure services. I now ensure we use cloud-native security tools like CloudTrail and Azure Security Center with unified logging, which has saved us countless hours of manual monitoring and helped catch several potential breaches early.

Joshua Odmark, CIO and Founder, Local Data Exchange

Unauthorized Access Through Weak Identity Controls

One of the biggest threats in cloud environments is unauthorized access through weak identity controls. I’ve seen companies that think they’re covered because they’ve locked down endpoints or firewalls, but the real problem starts with who can get in and what they can touch once they do. Years ago, we helped a law firm clean up after a breach caused by an ex-employee who still had admin access in their cloud CRM. They assumed the permissions would expire on termination. They didn’t. From that moment, we’ve always emphasized clear offboarding procedures and regular access reviews.

For teams managing multi-cloud or hybrid cloud setups, the key is to simplify and centralize. Don’t let each provider become its own island. Use cloud-native tools like AWS CloudTrail, Azure Security Center, and Google Cloud’s Security Command Center–but connect everything through a single pane of glass if possible. I like recommending platforms that can monitor multiple environments at once. That makes it easier to spot drift, misconfigurations, and gaps in access policies. We also train our clients to monitor traffic between public and private cloud spaces. That’s where issues often hide.

Building a strong security culture isn’t just about tools–it starts with people. We teach non-technical staff how to spot phishing and require MFA on everything, even internal apps. When our own team adopted phishing simulations, our click rate dropped by half in three months. It proved that awareness makes a real difference. Leaders need to make security feel like a shared responsibility, not just an IT concern. When everyone feels accountable, mistakes are caught faster and issues don’t slip through the cracks.

Elmo Taddeo, CEO, Parachute

Reduce Your Attack Surface

At Zentro Internet, I’ve found that the biggest cloud security threat is actually access management. We had several close calls with compromised credentials last year before implementing strict role-based controls. I now recommend starting with a detailed access audit and using tools like AWS IAM for granular permissions, which helped us reduce our attack surface by 60%.

Andrew Dunn, Vice President of Marketing, Zentro Internet

Regularly Audit User Permissions

Having launched multiple SaaS apps, I’ve found that insider threats and misconfigured access controls are the biggest risks in cloud environments. I recommend implementing a zero-trust architecture and regularly auditing user permissions. Last month, we caught several dormant admin accounts that could have been security vulnerabilities.

Paul Sher, CEO, FuseBase

Implement Zero-Trust Architecture with Continuous Authentication

I’m excited to share that at PlayAbly.AI, we’ve found implementing zero-trust architecture with continuous authentication to be crucial for securing our cloud environments, especially given our work with sensitive AI/ML models. From my experience leading Unity’s data products, I strongly recommend using cloud-native security tools like AWS GuardDuty or Azure Security Center, combined with regular security awareness training. This training should include realistic phishing simulations and hands-on workshops for both technical and non-technical team members.

John Cheng, CEO, PlayAbly.AI

Prioritize Your Data

Restoring large volumes of data can take hours, days or even weeks. However, a targeted recovery approach can get the most critical operations running again much faster. The better the organization understands what data has been affected, the quicker the security team can restore it. Solutions for change tracking and system auditing can help detect unwanted changes, while recovery tools can roll them back efficiently. 

Ilia Sotnikov, Security Strategist, Netwrix

Incorporate Regular Cyber-Awareness Sessions

To proactively build a security culture beyond technical teams, I emphasize cross-functional training that incorporates cyber-awareness sessions. Hosting workshops helps mitigate security risks as teams across departments become vigilant, reducing the likelihood of human error, which is often the weakest link in security protocols.

Louis Balla, VP of Sales & Partner, Nuage

Educate Technical and Non-Technical Teams

Building a security-focused culture involves educating both technical and non-technical teams on the importance of cybersecurity practices. I’ve led initiatives where we included mandatory cybersecurity training sessions for all employees. For managing third-party risk in our cloud ecosystems, we routinely conduct vendor assessments and demand compliance reports to ensure that our partners adhere to the same strict security standards we uphold.

Steve Payerle, President, Next Level Technologies

Collaborate With All Stakeholders

A key component of building a culture of security is the integration of cybersecurity priorities into all aspects of business operations, not just IT. By collaborating with stakeholders like CTOs and CIOs, we help embed security as a foundational aspect of digital change projects. Our experience shows that consistent education and a collaborative approach across departments lead to more resilient and secure cloud ecosystems, helping organizations address third-party risks effectively.

Ryan Carter, CEO/Founder, NetSharx

Managing Third-Party Risk Is Crucial

While building TinderProfile.ai, managing third-party risk became my top priority since we handle sensitive user data across multiple cloud services. I’ve developed a pragmatic approach of maintaining a detailed vendor security assessment checklist and conducting quarterly reviews of our cloud service providers’ security certifications. This approach has helped us prevent data exposure incidents and maintain user trust.

Alexander Liebisch, Founder, TinderProfile

Utilize Cloud-Native Tools for Monitoring

I recommend utilizing cloud-native tools such as CloudTrail, Azure Security Center, and GCP Security Command Center for security monitoring and compliance. These tools offer real-time monitoring of user activity within your cloud environment, allowing you to quickly detect and respond to any potential threats or unauthorized access attempts. 

I must say that implementing a Privileged Access Management (PAM) solution like CyberArk significantly enhances your security posture by providing an additional layer of protection for privileged accounts and credentials. According to a study by Gartner, 80% of security breaches involve privileged credentials.

Stefan Van der Vlag, AI Expert/Founder, Clepher

Use Compliance and Threat Detection Tools

For security monitoring, I rely on tools like AWS Security Hub and Azure Security Center—they’re powerful for compliance and threat detection. To establish a culture of security, I believe in making security a shared responsibility; this means educating every team, technical or otherwise, about their role in protecting data. Lastly, third-party risks demand collaboration and vigilance; I always vet vendors with thorough risk assessments and mandate shared security obligations in all contracts.

Robbert Bink, Founder, Crypto Recovers

Role-Based Access Controls Minimize Unauthorized Access

As a former M&A Integration Manager at Adobe, I’ve spent years navigating complex integrations, which often involve cloud environments. My current venture, MergerAI, uses AI for streamlining M&A processes, inherently requiring robust cloud security measures. In M&A situations, data protection across cloud environments becomes crucial, motivating MergerAI to employ stringent role-based access controls, minimizing the risk of unauthorized access.

To secure multi-cloud and hybrid environments, implement continuous monitoring and employ tools like MergerAI’s dashboard, which tracks integration metrics in real-time. This approach ensures seamless data flow and security compliance using customizable reporting features. Effective management of privileged access can be achieved using MergerAI’s centralized deliverable management platform, where permissions are carefully assigned to safeguard sensitive data.

Building a security-focused culture involves leveraging AI assistants to provide instant, role-specific support, and encouraging a proactive posture across technical and non-technical teams. In terms of third-party risks, MergerAI’s collaboration tools ensure that external stakeholders are granted appropriate access levels, which are tightly controlled and monitored to maintain data integrity throughout the integration lifecycle.

Ernie Lopez, Founder & CEO, MergerAI

Foster a Sense of Shared Responsibility

Building a culture of security across teams involves regular training and awareness programs for both technical and non-technical staff. Encourage open communication about security issues and foster a sense of shared responsibility. Leaders should model good security practices and highlight the importance of security in achieving business objectives.

Roman Surikov, Founder of Ronas IT, Ronas IT

Don’t Grant Access Based on Network Location

To secure multi-cloud and hybrid cloud environments, organizations must adopt a zero-trust security model, ensuring that access is granted based on strict identity verification rather than network location. Implementing robust IAM (Identity and Access Management) policies, multi-factor authentication (MFA), and least-privilege access controls can significantly reduce risk. Privileged access should be carefully managed through just-in-time (JIT) access provisioning, continuous monitoring, and logging of all administrative actions. At Pumex, we also leverage AI-driven threat detection tools to identify unusual behavior in real time, ensuring that any potential breach is detected and mitigated before it escalates.

Antony Marceles, Founder, Pumex Computing

Focus on Data Recovery Education, Simulations and Metrics

As the CEO of DataNumen with 24+ years in data recovery, I’ve observed how cloud security failures lead to devastating data loss incidents across our global client base spanning 240+ countries.

At DataNumen, we’ve observed that organizations with strong security cultures implement:

(1) Consequence education: Share real (anonymized) data loss scenarios and their business impacts with all employees, making technical risks tangible.

(2) Recovery simulations: Include non-technical teams in tabletop exercises about data recovery decision-making during incidents.

(3) Recovery metrics tracking: Make recovery time objectives (RTOs) and recovery point objectives (RPOs) visible to business units, not just IT teams.

The intersection of cloud security and data recovery is critical; organizations that plan for recovery alongside prevention consistently experience significantly lower business impacts from security incidents.

Alan Chen, President & CEO, DataNumen, Inc.

Keep It Human-Centric

Keep it human-centric. Not everyone is a security expert, but everyone can learn to pause and ask, “Is this safe?” Conduct brief, real-world training sessions. Recognize individuals who report issues. Make security approachable, not intimidating. Additionally, bring developers, operations, and security teams together early—shifting left only works when everyone is involved from the beginning.

Vipul Mehta, Co-Founder & CTO, WeblineGlobal

More Cloud Tech News

 

Share.

About Author

Taylor Graham, marketing grad with an inner nature to be a perpetual researchist, currently all things IT. Personally and professionally, Taylor is one to know with her tenacity and encouraging spirit. When not working you can find her spending time with friends and family.