The exponential growth of cloud adoption introduces new dimensions of risk for organizations migrating from legacy on-premises environments. As guardians responsible for securing increasingly complex and distributed IT ecosystems, security leaders need actionable strategies more than ever.
Bringing his frontline perspective, Brandon Ferreira of cloud consultancy UpCurve Cloud recently joined security expert Tony Rosales for the latest installment of Virtru’s Hash It Out series examining the current cloud security landscape. The two industry veterans unpacked top threats, best practices and emerging innovations set to shape the future.
Diving into the engaging back-and-forth conversation, several key takeaways bubble up that every IT and security leader should note.
People Enable Security – And Undermine It
"[An estimated] 80% of data breaches originate from human error," Ferreira reveals. The sobering statistic underscores that people remain simultaneously security's most critical asset and greatest risk factor.
Rosales stresses that even extensive security tools fail if they bog staff down, stating "if it's not easy to use, people aren't using it." Employees ultimately enable attacks by working around solutions viewed as obstacles to productivity.
On the other hand, properly educating end users makes them the ultimate early detection system spotting threats like phishing attempts. As Ferreira explains, "making sure people know how to use systems and stay safe and secure is key." When users are security-aware, they transform from vulnerabilities to vital sensors on the inside.
The formula for security success has two ingredients: well-designed technology and prepared staff who can leverage tools to full effectiveness. As Ferreira concludes, “The harder it is to use, the less likely they are. And that's not really a good thing when it comes to security." Usable, intuitive tools combined with role-based training fortify people as an extra perimeter.
By recognizing staff as both a top threat and top asset, the right strategies turn people into the ultimate security safeguard. With strong policies and education fueling sensible technology usage, human error declines dramatically while human threat detection soars.
Adopt a Zero Trust Approach
With remote work dispersing users and cloud hosting shifting data outside the traditional network perimeter, Ferreira argues security models need to transition as well - away from the castle-and-moat ideology.
“What happens when somebody needs to leave the castle or come in the castle and you're kind of opening it up to two bad actors or right kind of men in the middle attacks” he remarks, pointing out that breaches often sneak through secure perimeters during legitimate external access.
The zero trust approach flips this model by not trusting anything or anyone by default, even if already "safely inside" the protected infrastructure. Instead, it mandates continuously validating every single access attempt to grant only the bare minimum access required.
This means decoupling access controls from network locations so data stays protected regardless of where it travels. As Ferreira explains, "you're able to kind of take action on that regardless of where it's sitting at that time." By encrypting and securing data itself rather than trusting containers like endpoints or clouds, zero trust eliminates reliance on the illusion of an impenetrable perimeter.
As cloud infrastructure, remote work and third-party connections become the norm, zero trust principles represent the future. Gartner predicts that by 2025, 60% of companies will use Zero Trust solutions instead of virtual private networks. With threats multiplying against traditional perimeter defenses, zero trust denies breach opportunities by removing blind trust, encrypting data flows and confirming every access attempt. The approach ultimately makes managing security more accurate, effective and scalable.
Leverage Emerging Security Analytics
Managing always-changing security threats across cloud environments strains already limited IT resources to their breaking point. Ferreira highlights emerging tools aimed at simplifying cloud security management through analytics dashboards.
By automatically surfacing posture gaps that create risk, identifying compliance deficiencies and even detecting ransomware threats, these solutions allow admins to quickly prioritize and orchestrate remediation. Further innovation in AI and machine learning will only expand automated detection of suspicious activity.
While insider mistakes, ransomware and infrastructure complexity aren’t disappearing anytime soon - the strategies to combat these are changing daily. Organizations like Upcurve Cloud are setting an example of what it means to stay on pace.
Want to watch the full conversation with Ferreira? Catch it on demand here.
