{"id":8128,"date":"2026-03-24T12:00:00","date_gmt":"2026-03-24T10:00:00","guid":{"rendered":"https:\/\/blog.eset.ee\/et\/2026\/03\/24\/cloud-workload-security-mind-the-gaps\/"},"modified":"2026-03-24T12:00:00","modified_gmt":"2026-03-24T10:00:00","slug":"cloud-workload-security-mind-the-gaps","status":"publish","type":"post","link":"https:\/\/blog.eset.ee\/et\/en\/2026\/03\/24\/cloud-workload-security-mind-the-gaps\/","title":{"rendered":"Cloud workload security: Mind the gaps"},"content":{"rendered":"<p>Complexity is said to be the enemy of many things, but when it comes to organizations and their IT systems and processes, complexity is arguably the <a href=\"https:\/\/www.schneier.com\/academic\/archives\/2025\/03\/complexity-is-the-worst-enemy-of-security.html\">worst enemy of cybersecurity<\/a>. For many IT and security practitioners, this plays out daily as they scramble to manage what IBM once called a &#8220;<a href=\"https:\/\/newsroom.ibm.com\/2022-09-28-Global-Business-Leaders-Say-Hybrid-Cloud-is-Critical-to-Modernization,-Yet-Security,-Skills-and-Compliance-Concerns-Impede-Success\">Frankencloud<\/a>,&#8221; a patchwork of private and public cloud environments, often further entangled with various on-premise and possibly legacy resources.<\/p>\n<p>The ease with which some cloud assets, notably <a href=\"https:\/\/www.welivesecurity.com\/virtual-machines-virtually-everywhere-real-security-gaps\/index.html\">virtual machines<\/a>, can be spun up contrasts sharply with the reality of keeping them hardened and monitored once they begin to multiply. 
The machine and software sprawl often produces environments that are heterogenous and beset by inconsistent rules, which ultimately makes them difficult to defend.<\/p>\n<h2>When it rains, it pours<\/h2>\n<p>IT and security teams \u2013 which often number just a handful of people already stretched thin by an industry-wide talent shortage \u2013 find themselves jumping between dashboards and consoles as they try to stitch together a coherent story from scattered data points. Every time an admin switches tools or interfaces, the risk of a missed alert or another misstep increases, much to an attacker\u2019s delight.<\/p>\n<p>Bad actors, after all, don\u2019t think of organizations as collections of separate silos. They see one large and increasingly interconnected target, where a single account or machine \u2013 once it\u2019s compromised through leaked credentials or another gaffe \u2013 can be used for lateral movements or as an on-ramp for further intrusions across environments.<\/p>\n<p>Risk often thrives at the \u2018seams\u2019 of the infrastructure: the places where one entity\u2019s responsibility ends and another\u2019s begins, or where the lines are misunderstood \u2013 until the first serious incident forces a reckoning. In fast-growing companies, that boundary is far too often discovered the hard way. Many cloud data breaches trace back to mundane lapses in security hygiene and oversights in the management of complex deployments, rather than fiendish zero-day exploits.<\/p>\n<blockquote>\n<p>According to Google\u2019s <a href=\"https:\/\/services.google.com\/fh\/files\/misc\/cloud_threat_horizons_report_h22025.pdf\">H2 2025 Cloud Threat Horizons Report<\/a>, credential compromise and misconfiguration remained the primary entry points for threat actors into cloud environments in the first half of 2025. 
The latter half of last year saw an interesting twist, according to the report\u2019s <a href=\"https:\/\/services.google.com\/fh\/files\/misc\/cloud_threat_horizons_report_h12026.pdf\">H1 2026 issue<\/a> published just days ago, as both initial access vectors were leapfrogged by software-based exploits.<\/p>\n<p>Meanwhile, the price tag of the incidents remains steep. IBM\u2019s <a href=\"https:\/\/www.ibm.com\/reports\/data-breach\">Cost of a Data Breach 2025<\/a> puts the average cost of a data breach that involves multiple environments at US$5.05 million, while the average cost of a data breach involving \u201conly\u201d the public cloud isn\u2019t far behind at US$4.68 million. Legal and compliance costs and a loss of reputation and customer trust then add insult to injury.<\/p>\n<\/blockquote>\n<p>If complexity is the enemy, then simplicity should be the antidote, right? Not so fast. Few organizations can afford to give up the flexibility and cost-efficiency that made the cloud, in its various flavors, attractive in the first place. Nor should they. The more realistic ambition is to make complexity legible and manageable \u2013 and this starts with visibility. Worryingly, a <a href=\"https:\/\/cloudsecurityalliance.org\/press-releases\/2024\/02\/14\/cloud-security-alliance-survey-finds-77-of-respondents-feel-unprepared-to-deal-with-security-threats\">survey by the Cloud Security Alliance<\/a> has found that only 23% of organizations have full visibility into their cloud environments.<\/p>\n<h2>Now you see me<\/h2>\n<p>Sometimes you have to say things that go without saying: you can\u2019t secure what you can\u2019t see. But \u2018raw\u2019 visibility on its own isn\u2019t enough. Without context and correlation that help produce a full picture, what you get is little more than better-lit chaos. 
You need a way to impose a unified policy across environments and then to enforce the rules across various systems, including on virtual machines in multiple clouds, and across identity layers. Arguably, this kind of unity doesn\u2019t make the environment smaller, but it makes it manageable while reducing the attack surface.<\/p>\n<p>When every authentication attempt, process start, network connection and file modification leave a trace somewhere, the volume of telemetry data can be overwhelming. Therefore, automation, when applied carefully, matters just as much. It helps close the gaps where attackers like to dwell, countering the \u2018entropy\u2019 that naturally sets in as networks grow. In addition, routine tasks and correlation of telemetry data from disparate sources are handled by a system that doesn\u2019t get tired or distracted. That way, human operators can focus on the parts of incident response that require human judgment.<\/p>\n<p>The cloud itself is not the problem, of course. In systems that are designed to scale and change, a degree of complexity is inevitable, especially as the business expands. Securing cloud workloads rests on ensuring that as your digital infrastructure grows, your visibility and control grow with it. 
That way, you avoid learning the truly hard lessons from incidents.<\/p>\n<p><a href=\"https:\/\/www.eset.com\/us\/business\/solutions\/cloud-workload-protection\/\"><img decoding=\"async\" alt=\"cloud-workload-protection\" height=\"\" src=\"https:\/\/web-assets.esetstatic.com\/wls\/2026\/03-26\/cloud-workload-protection.png\" title=\"\" width=\"\"><\/a>\n<\/p>\n<p class=\"wls-source\"><a href=\"https:\/\/www.welivesecurity.com\/en\/business-security\/cloud-workload-security-mind-gaps\/\" rel=\"nofollow noopener\" target=\"_blank\">Read the full analysis on WeLiveSecurity \u2192<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>As IT infrastructure expands, visibility and control often lag behind \u2013 until an incident forces a reckoning<\/p>\n","protected":false},"author":5,"featured_media":8129,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2879],"tags":[],"class_list":["post-8128","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-business-security"],"acf":[],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts\/8128","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/comments?post=8128"}],"version-history":[{"count":0,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts\/8128\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/media\/8129"}],"wp:attachment":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/media?parent=8128"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/categories?post=8128"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/tags?post=8128"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}