The Toxic Cloud Trilogy is a recipe for disaster

Rajnish Gupta
Managing Director and Country Manager
Tenable India

As AI becomes more accessible and leverages vast amounts of data stored in the cloud, organisations are managing an unprecedented level of data sensitivity.

In this AI-driven world, data is constantly in motion, fueling innovation but also introducing new risks. The ease with which cloud storage can expand allows organisations to collect and store massive datasets, but securing these datasets has become increasingly challenging. Misconfigurations, risky entitlements, and unaddressed vulnerabilities can leave sensitive data and AI resources exposed.

Research from Tenable found that 84% of organisations have risky access keys, 74% have publicly exposed cloud storage and 23% have high-severity excessive permissions. These vulnerabilities illustrate the growing difficulty security teams face as they manage the relentless stream of alerts in cloud environments.

Why the toxic cloud trilogy exists

The operational efficiency the cloud offers makes it indispensable to modern businesses. Its flexibility, scalability and expansive range of storage technologies have resulted in massive amounts of data being stored in the cloud. AI is also driving the volume and variety of data stored in the cloud. As AI applications become more sophisticated, they require more data to function accurately. And the more data that’s stored in the cloud, the more users it attracts, expanding the attack surface.

One of the reasons why the cloud is so difficult to secure is because data is constantly on the move, residing in various locations and formats. In a multi-cloud environment, the sheer complexity of the infrastructure, coupled with the fact that different vendors offer different security controls, allow misconfigurations to slip through.

Unlike on-prem infrastructure, cloud deployments don’t have a perimeter and are directly accessible through the internet. It’s easier for attackers to gain unauthorised access to critical cloud-based assets by compromising credentials. The lack of adequate identity security and the presence of over-privileged access not only impedes visibility but further opens up organisations to attacks. The numbers prove it —38% of organisations have at least one cloud workload that is publicly exposed, critically vulnerable and
highly privileged.

How to secure the cloud?

Securing the cloud comes with a whole host of responsibilities that come with collecting, storing and using data. Periodic security audits don’t cut it for a cloud that’s ephemeral. It requires automatically and continuously scanning data assets, identifying sensitive data and alerting on potential risk of compromise. ost cloud security solutions in the market do provide valuable protection, but they cannot analyse and inform organisations on which threats to prioritise. Given the problem set, organisations need tools that not only excel at securing cloud environments but also protect the data and AI resources residing within them.

Using standalone Data Security Posture Management (DSPM) and AI Security Posture Management Solutions (AI-SPM) can shed light on risks to data and AI resources but without proper integration into broader cloud security tools, it’s a real challenge to contextualise and prioritise security findings.

Organisations need DSPM and AI-SPM that are integrated with CNAPP, to pinpoint valuable data and AI resources, and also build a secure vault around the cloud. Such holistic tools solve the toxic cloud trilogy — public exposure, critical vulnerabilities and identity security. CNAPP tools integrated with DSPM and AI-SPM offer in-depth data discovery and classification, ensuring critical and sensitive information is identified and prioritised for protection. It offers full visibility, paving the way for focused security measures, and dramatically simplifying regulatory compliance. It helps security practitioners enforce AI entitlement management, ensuring only users with the correct access policies can access proprietary data and AI models.

Importantly, a CNAPP can work effortlessly across a multi-cloud environment. These abilities enable CNAPPs to deliver on their promise of finding and remediating risks at scale. With cloud breaches on the
rise, organisations cannot ignore the risks hovering over their most important and business-critical assets in the cloud. It’s time to adopt holistic CNAPP solutions to achieve a stronger security posture and prevent breaches that damage reputations.

-Rajnish Gupta is the Managing Director and Country Manager at Tenable India

Share on

Nish Lathia starts a new position as Chief Technology Officer at Kotak Mahindra Bank

Rohit Chatter has been appointed as Chief Data Officer (CDO) at Angel One

Giriraj Jadhav starting a new position as Chief Information Security Officer at Edelweiss Alternative Investment Finance (AIF)

Prashant Malankar starting a new position as Chief Information Security Officer at DSP Pension Fund

Rajesh Karir Takes on New Role as Director – Information Technology Operations at Evalueserve

Rajesh Thapar Joins NSE India as Chief Information Security Officer

Annapurna Vishwanathan Joins Airbus as VP Head of IM & Digital, India and South Asia

Prakash Padariya Joins Daimler Truck Innovation Center India as Cyber Security Operations Head

Shruti Kashyap starts a new position as VP – Distributed Trade Technology at Unilever

Keshav Dubal Joins The Oberoi Group as Head of Information Technology