Cloud Wars
  • Home
  • Top 10
  • CW Minute
  • CW Podcast
  • Categories
    • AI and Copilots
    • Innovation & Leadership
    • Cybersecurity
    • Data
  • Member Resources
    • Cloud Wars AI Agent
    • Digital Summits
    • Guidebooks
    • Reports
  • About Us
    • Our Story
    • Tech Analysts
    • Marketing Services
  • Summit NA
  • Dynamics Communities
  • Ask Copilot
Twitter Instagram
  • Summit NA
  • Dynamics Communities
  • AI Copilot Summit NA
  • Ask Cloud Wars
Twitter LinkedIn
Cloud Wars
  • Home
  • Top 10
  • CW Minute
  • CW Podcast
  • Categories
    • AI and CopilotsWelcome to the Acceleration Economy AI Index, a weekly segment where we cover the most important recent news in AI innovation, funding, and solutions in under 10 minutes. Our goal is to get you up to speed – the same speed AI innovation is taking place nowadays – and prepare you for that upcoming customer call, board meeting, or conversation with your colleague.
    • Innovation & Leadership
    • CybersecurityThe practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks.
    • Data
  • Member Resources
    • Cloud Wars AI Agent
    • Digital Summits
    • Guidebooks
    • Reports
  • About Us
    • Our Story
    • Tech Analysts
    • Marketing Services
    • Login / Register
Cloud Wars
    • Login / Register
Home » Why Cybersecurity Hygiene Is So Critical in Multi-Cloud Environments
Cloud

Why Cybersecurity Hygiene Is So Critical in Multi-Cloud Environments

Chris HughesBy Chris HughesFebruary 24, 2023Updated:February 24, 20234 Mins Read
Facebook Twitter LinkedIn Email
Share
Facebook Twitter LinkedIn Email
Acceleration Economy Cybersecurity

By now it is clear that organizations are fully committed to embracing multi-cloud architecture as part of their digital transformation strategies and initiatives. A closely related security trend has emerged against this backdrop: cloud data breaches and security incidents such as those that impacted Okta, Twilio, and others.

As organizations adopt multiple cloud services, they need to be cognizant of security hygiene, which is the implementation of best practices and secure configurations in cloud environments. Security hygiene mitigates risks associated with use of the cloud and, more broadly, any technology.

The Shared Responsibility Model

The cloud uses something referred to as a “shared responsibility model,” which delineates what the cloud provider is responsible for, what the cloud consumer is responsible for, and what responsibilities are shared between these two entities.

These responsibilities differ depending on the service model in question, no matter if it’s infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS), or software-as-a-service (SaaS). For example, let’s look at the Microsoft Azure Shared Responsibility Model, which clearly delineates customer, vendor, and shared responsibilities.

Microsoft Azure Shared Responsibility Model chart
Source: Microsoft

While organizations continue to move to multi-cloud future to leverage the strengths of multiple cloud services and providers, they need to be familiar with their responsibilities under the shared responsibility model and ensure that they are doing their part. Unfortunately today, this isn’t the case: sources such as Gartner predict that through 2025, 99% of cloud security incidents will be due to customer misconfiguration.

Which companies are the most important vendors in cybersecurity? Click here to see the Acceleration Economy Top 10 Cybersecurity Shortlist, as selected by our expert team of practitioner analysts.

The Importance of Multi-Cloud Security Hygiene

To avoid misconfiguration, organizations must have robust cloud security hygiene, which is complex when dealing with multiple providers. A good part of multi-cloud adoption includes implementing secure configurations and being familiar with each of the respective cloud platforms and services, their configurations, and, of course, industry best practices for cloud security.

Luckily, there are also tools to help organizations handle these challenges since having humans understand all of these nuanced configurations — and even more importantly, monitor them at scale, especially in large complex environments — simply isn’t realistic.

These tools include Cloud Security Posture Management (CSPM) and SaaS Security Posture Management (SSPM). CSPM and SSPM can help you identify vulnerable configurations; determine if your environments align with industry guidance such as Center for Internet Security benchmarks; and ensure your cloud configurations align with specific compliance requirements that your organization and industry may follow.

CSPM Tools

CSPM tools help users identify and remediate risks, automate visibility and monitoring, and produce alerts and notifications for insecure configurations or potentially concerning behavior.

CSPM typically applies to IaaS environments such as AWS, Azure, and Google Cloud. Popular CSPM tools include vendors such as Wiz, Sysdig, and Palo Alto Networks (on the Acceleration Economy Top 10 Cybersecurity Short List), among others. There are also open source software (OSS) options such as Prowler.

Insights into Why & How to Recover from a Cybersecurity Breach
Guidebook: Cybersecurity Breach and Recovery Response

CSPM tools have continued to evolve as cloud adoption has grown. In the early days of CSPM tooling, there wasn’t broad support for different CSPs and they weren’t as feature-rich. They’ve grown to cover more cloud service offerings and provide detailed analyses of your configurations and compliance in specific cloud environments.

SSPM Tools

SSPM tooling goes beyond IaaS cloud offerings and focuses on SaaS applications. This is crucial because while organizations in general may be using two to three IaaS providers on average, large enterprise environments are often using hundreds of SaaS applications.

On the SSPM front, there are organizations such as AppOmni, Obsidian Security, Grip Security (also on our shortlist), and Axonius that provide robust and promising SSPM capabilities. These capabilities continue to evolve along with the threat landscape to help organizations get a handle on their SaaS security and compliance requirements.

Early on, SSPM players didn’t boast broad SaaS coverage, but that is changing with vendors such as Axonius, which uses its asset management connectors and other unique features to cover a wide range of SaaS offerings. This allows organizations to ensure they meet compliance requirements and have secure configurations across their portfolios of SaaS applications. SSPM tools are suited for any organization that is using SaaS at scale; that is, nearly every modern organization.

See the Cybersecurity Top 10 shortlist

Final Thoughts

Knowing that nearly all cloud security incidents will be due to customer misconfigurations and errors, it’s vital for organizations in multi-cloud environments to leverage CSPM and SSPM tools to ensure proper hygiene, while also being aware of what they are on the hook for under the relevant shared responsibility models. Failing to do so can have devastating consequences, as we have seen over the last several years with millions of sensitive records, proprietary data, and more being exposed.


Want more cybersecurity insights? Visit the Cybersecurity channel:

Acceleration Economy Cybersecurity

breach Cloud Compliance data multi-cloud PaaS SaaS security vulnerability Vulnerability management
Share. Facebook Twitter LinkedIn Email
Analystuser

Chris Hughes

CEO and Co-Founder
Aquia

Areas of Expertise
  • Cloud
  • Cybersecurity
  • LinkedIn

Chris Hughes is a Cloud Wars Analyst focusing on the critical intersection of cloud technology and cybersecurity. As co-founder and CEO of Aquia, Chris draws on nearly 20 years of IT and cybersecurity experience across both public and private sectors, including service with the U.S. Air Force and leadership roles within FedRAMP. In addition to his work in the field, Chris is an adjunct professor in cybersecurity and actively contributes to industry groups like the Cloud Security Alliance. His expertise and certifications in cloud security for AWS and Azure help organizations navigate secure cloud migrations and transformations.

  Contact Chris Hughes ...

Related Posts

Microsoft Adopts A2A Protocol, Agentic AI Era Begins

May 9, 2025

IBM Launches Microsoft Practice to Accelerate AI, Cloud, and Security Transformation

May 9, 2025

AI Agent & Copilot Podcast: JP Morgan Chase CISO Publicly Pushes for Stronger Security Controls

May 8, 2025

ServiceNow Re-Invents CRM for End-to-End Enterprise

May 8, 2025
Add A Comment

Comments are closed.

Recent Posts
  • Microsoft Adopts A2A Protocol, Agentic AI Era Begins
  • AI Agent & Copilot Podcast: Finastra Chief AI Officer Lays Out Range of Use Cases, Microsoft Collaboration
  • IBM Launches Microsoft Practice to Accelerate AI, Cloud, and Security Transformation
  • AI Agent & Copilot Podcast: JP Morgan Chase CISO Publicly Pushes for Stronger Security Controls
  • ServiceNow Re-Invents CRM for End-to-End Enterprise

  • Ask Cloud Wars AI Agent
  • Tech Guidebooks
  • Industry Reports
  • Newsletters

Join Today

Most Popular Guidebooks

Accelerating GenAI Impact: From POC to Production Success

November 1, 2024

ExFlow from SignUp Software: Streamlining Dynamics 365 Finance & Operations and Business Central with AP Automation

September 10, 2024

Delivering on the Promise of Multicloud | How to Realize Multicloud’s Full Potential While Addressing Challenges

July 19, 2024

Zero Trust Network Access | A CISO Guidebook

February 1, 2024

Advertisement
Cloud Wars
Twitter LinkedIn
  • Home
  • About Us
  • Privacy Policy
  • Get In Touch
  • Marketing Services
  • Do not sell my information
© 2025 Cloud Wars.

Type above and press Enter to search. Press Esc to cancel.

  • Login
Forgot Password?
Lost your password? Please enter your username or email address. You will receive a link to create a new password via email.