World Cloud Security Day: additional protection needed

Concept artwork on cloud security generated by Google Gemini (Imagen 3).

On World Cloud Security Day, April 3, it's worth remembering that cloud offers a measure of security for businesses. Rich Murr, Chief Customer Officer & CIO at Epicor said: "What we're seeing is that moving to the cloud is a game-changer for businesses when it comes to compliance and data security. For businesses using cloud-based ERP software, having all their data in one place simplifies compliance with regulations like GDPR and CCPA. 

"Regular risk assessments and proactive measures are easier to manage in the cloud. Compliance frameworks such as ISO 27001, SOC 2, and PCI DSS are often built into cloud solutions, helping businesses stay ahead of potential vulnerabilities. Most of our new business is now in the cloud, and it's clear why: it helps businesses avoid penalties and build a reputation for trust and integrity."

Murr added that moving to ERP software-as-a-service can help small businesses leverage AI-powered threat detection systems that can identify and mitigate cyberthreats in real-time. "Cloud computing isn't just about storage; it's a way for businesses to safeguard their digital assets more effectively," he said.

Industry observers also highlighted the gap between current cyberdefences and the ability to manage cloud security effectively.

Fabio Fratucello, Field CTO International, CrowdStrike said: "As organisations continue to accelerate their move to the cloud, they’re embracing its scale and speed to drive business transformation. However, with this rapid adoption comes expanded attack surfaces. Adversaries are exploiting stolen identity credentials to gain access to cloud environments—often undetected. According to CrowdStrike’s 2025 Global Threat Report, cloud intrusions jumped 26% last year. Valid account abuse was the leading method of initial access, accounting for 35% of all cloud incidents in the first half of 2024.

"Traditional approaches to cloud security, where organisations rely on fragmented point cloud security tools, are simply not enough. Organisations should use World Cloud Security Day as a catalyst to assess the security of their cloud environments. To stop cloud breaches, security teams need a unified approach—one that protects cloud infrastructure, workloads, applications, identities, data, SaaS and AI models from a single platform. 

 

"This closes protection gaps and reduces both complexity and cost. Additionally, security teams need to assess their current runtime protection and cloud detection and response (CDR) capabilities. As cloud security technologies—and threats—continue to evolve, visibility alone into cloud security posture is not enough. Organisations must focus on stopping the breach."

Chaim Mazal, Chief Security Officer of Gigamon shared: “All cloud traffic is automatically encrypted. Yet, despite good intent to keep data safe, research has found that 93% of malware hides behind encrypted traffic. That means cybercriminals can move around inside a company’s network, often undetected, for weeks or even months before striking.

"Here’s the worrying part: More than half (51%) of security teams in Singapore can’t detect data breaches using their existing tools. Even worse, over a third of local organisations only discovered breaches after their sensitive information surfaced on the dark web. AI is enabling even more sophisticated attacks, making the threat landscape more dangerous."

"The most important thing organisations can do to improve cloud security and protect their and their customers’ data is to prioritise gaining visibility into all data in motion–also called deep observability–providing protection from threats they don’t see and ensuring their most critical assets are kept safe across networks.”

World Cloud Security Day is a timely reminder for organisations to assess how robust their cloud identity security posture is, said Charles Chu, GM, IT and Developer Solutions, CyberArk. "In today's digital landscape, securing identities—both human and machine—is paramount. Effective cloud identity security ensures that only authorised entities access specific resources, reducing the risk of data breaches and unauthorised access," Chu said. 

Cloud-native organisations operating in complex, multicloud environments face several key challenges, he explained: 

Multiple cloud environments 

Managing identities across various cloud platforms can lead to inconsistent security policies, increasing vulnerability. 

Proliferation of identities 

The rapid growth of machine identities alongside human users complicates the enforcement of security protocols. 

Maintaining operational agility 

Balancing swift development and deployment with stringent security measures is challenging, often leading to misconfigurations. 

"To address these challenges, organisations need to rethink their approach to securing identities at cloud velocity," Chu advised. 

CyberArk's tips on enhancing cloud identity security include: 

A phased approach 

Begin by ensuring compliance with industry regulations, then progressively implement advanced security measures. 

Zero Standing Privileges (ZSP) 

Transition to a just-in-time access model to minimise potential attack surfaces. 

Centralise identity management 

Utilise unified platforms to oversee identities, access controls, and security policies, ensuring consistent enforcement across all cloud services. 

"While safeguarding organisational assets in a complex digital environment is challenging, a proactive and comprehensive approach to cloud identity security is the key to staying protected and resilient," Chu concluded.