Cloud Security: how to protect data and applications in the age of hybrid cloud

Written by Kirey Group | Nov 15, 2024 3:37:18 PM

Even though all businesses today engage with the cloud, the journey is far from over. Increasing interest in generative AI is driving the cloud market to new heights, positioning it as a key enabler. Data reflects this trend: according to the latest findings from the Politecnico di Milano Observatory, the Italian market is growing by 24% in 2024, with the Public & Hybrid Cloud segment alone seeing a 30% increase over the previous year, driven primarily by Infrastructure as a Service (IaaS). 

A new approach to Cloud Security 

While cloud adoption news is positive, the rise in cyber incidents and data breaches offers a stark contrast. Data breaches are extremely costly for companies (averaging $4.88 million, according to IBM), and, as reported by Clusit and other sources, incidents are becoming increasingly frequent and damaging, impacting finances, contracts, reputation, and regulatory compliance. 

The era of cloud transformation, which is revolutionizing IT ecosystems with new forms of governance, management, and application deployment, has also deeply reshaped security paradigms. Moving beyond traditional perimeter-based models, security management has become more strategically and operationally complex. Today, company data and application infrastructure components (such as VMs, containers, and microservices) are spread across diverse environments, from in-house servers to complex public and private cloud architectures. 

While cloud models are increasingly complex, the need for security is greater than ever. Cloud security must be a primary focus for those looking to build innovation, modernize business processes, and maintain competitiveness in increasingly challenging markets based on hybrid and multi-cloud paradigms. 

Security in the cloud era: six pillars for success 

The term "cloud security" is broad by design. It involves protecting different types of cloud-hosted data and workloads across various architectures (private, public, hybrid, and multi-cloud) and meeting protection needs tied to data value, application importance, and compliance with general (e.g., GDPR) or industry-specific regulations (e.g., HIPAA). 

Today’s cloud security paradigm is far more advanced than it once was. It requires a multilayered system with different measures working across various fronts in synergy (known as security posture management) to proactively protect infrastructure, data, and applications. Rather than simply placing one or more firewalls at the network perimeter, today’s approach integrates a network of processes and technologies into a unified defense strategy, enabling proactive threat detection and effective incident management. Here are some key elements of cloud security management. 

Who is responsible? 

It may seem a simple question, but in a hybrid model that includes public cloud components from various hyperscalers (Microsoft, Amazon, Google, IBM, etc.), the rule of "shared responsibility" applies, depending on the cloud services the company uses. 

For instance, with IaaS, companies are responsible for the security of all application infrastructure components (such as VMs, containers, networks, APIs, and middleware) but not the underlying hardware, whose uptime and performance are covered by the provider’s SLAs. At one end, we have the classic on-premises model, where everything falls under the company’s control and responsibility; at the other, we have SaaS, which makes the provider responsible for the entire physical and application infrastructure. In this case, the company’s responsibility is limited to data protection, endpoint security, user access, and potentially the application code. 

Advanced perimeter security 

The concept of perimeter security does not disappear in the cloud era but evolves and becomes more complex. Cloud environments are highly software-centric (using SDN, Software Defined Networking), allowing traditional network security approaches to be reimagined for greater flexibility and automation. Effective strategies include workload segmentation across virtual networks and advanced firewalls like Web Application Firewalls (WAF) and Next-Generation Firewalls (NGFW). The latter not only filters traffic by port and protocol but also uses intelligent behavior analysis and integrates threat intelligence tools for proactive and adaptive protection. 

The key role of identity and access management 

As traditional perimeters dissolve and access to systems is possible anytime, from any device, it is critical to control precisely who can access what and how. Identity and access management (IAM) solutions allow companies to define granular access and authentication policies, ensuring that only specific users can interact with critical resources. Controls such as multi-factor authentication (MFA) and the principle of least privilege further strengthen overall security, minimizing the risk of unauthorized access. 

Implementing a zero-trust approach 

Zero Trust is not a tool but a foundational approach to cloud security. In a zero-trust architecture, every access request to company resources is strictly authenticated, authorized, and continuously monitored, regardless of origin. The principle is straightforward: every user, device, and application is considered untrustworthy by default. This approach entails specific practices like network micro-segmentation and context-based access policies. 

Monitoring and observability 

Monitoring is essential for real-time analysis of network activity, enabling the detection of anomalies and potential threats. Key cybersecurity services like the Security Operations Center (SOC) use this data to mitigate risks and ensure continuous protection of critical infrastructures and applications. Observability, in turn, offers deep visibility into what’s happening within systems and applications: through dedicated solutions, companies can observe interactions between applications and underlying infrastructure, identifying errors, bottlenecks, vulnerabilities, and potential threats. 

Regular Vulnerability Assessments and Penetration Testing 

Vulnerability assessments and penetration tests are fundamental to the preventive security of modern IT ecosystems. They allow the identification and analysis of potential weaknesses in increasingly complex, distributed systems, ensuring that detected vulnerabilities are addressed through effective remediation or mitigation tools.