Earlier this year, Google’s parent company Alphabet made its biggest acquisition to date. Its first bid to buy Wiz, a US-Israeli cloud security startup, for $23bn, in July 2024, was rejected. Alphabet closed the deal in March, paying $32bn. The mega-deal shows just how important cloud security has become. Google has been focusing on security for some time – buying Siemplify for $500mn and Mandiant for $5.4bn, both in 2022 – but with Wiz, the focus is on multicloud and cloud security. Thomas Kurian, Google Cloud CEO, wrote in a blog post that this acquisition will “improve security by making it easier and faster for organisations of all types and sizes to protect themselves across all major clouds”.
Wiz is a multicloud platform. It has close partnerships with all the hyperscalers, and plans to keep it that way. The deal signifies two important things. In the age of AI, cloud security is more important than ever, and, even with a billion-dollar Google deal, multicloud is here to stay. Research from Flexera found that 89% of companies now have a multicloud approach, and 97% of IT leaders intend to expand their cloud systems by using one or more clouds. Nadav Zafrir, the CEO of Check Point Software, says he hasn’t spoken to a client, partner or customer that is currently using only one cloud.
If a developer downloads a model from some open-source repo, how do we check it, test against it and make sure there are no back doors?
Herain Oberoi, Microsoft Security
“And it makes sense, because sometimes Azure is better. Sometimes you can use AWS or Google or Oracle. Whatever you’re using – and even if you’re not aware that you’re using multiple clouds – your third-party risk shows you that you are,” he says. Through a network of vendors, partners and suppliers, every organisation is indirectly connected to multiple cloud platforms. These third-party relationships create a complex web of digital interactions between cloud environments. Simplifying this cloud complexity is what made Alphabet write that big cheque for Wiz. It’s an agentless solution with a user-friendly interface and its focus is on visibility, putting everything companies need to see in one spot. “One of the most important things is understanding posture in the cloud, actually giving companies visibility to see what they have,” says Andrew Conway, Microsoft vice president for security marketing.
Microsoft is unique in that it has to oversee a number of cloud services, as well as its own infrastructure. According to Conway, it’s one of the most attacked entities in the world, second only to the US Federal Government. It processes trillions of threat signals daily, and with AI growing the attack surface, there are more sophisticated and scalable threats.
But with millions of customers building AI apps in Azure or deploying AI products in Microsoft 365 Copilot, Herain Oberoi, general manager at Microsoft Security, says observability is now more important than ever. He often gets asked about data security, and which apps are being used in the organisation. Customers will also ask if they can get visibility into what is being typed into prompts on web applications like ChatGPT or DeepSeek. Oberoi says his customers are concerned that sensitive internal data will be fed into a model, and inadvertently leave the organisation.
Cloud security also means understanding model vulnerabilities and that comes with its own set of questions. “If a developer downloads a model from some open-source repo, how do we check it, test against it and make sure there are no backdoors?” asks Oberoi. Another common AI-related security issue is prompt injection attacks. This involves a user manipulating a system into giving a response it wasn’t intended for, he says. “How can we detect that prompt ahead of time, and then block against it? For a company to have a successful AI transformation, it needs a strong security foundation.”
Microsoft’s Conway says when a cloud service is started up, it will launch with the default settings that will minimise potential vulnerabilities. A few years ago, he would speak to markets in which customers were lagging in cloud adoption, and customers would ask for lengthier support on legacy, insecure protocols. “They had so much technical debt and needed help continuing to secure it all,” he says. Now, with cloud security, he is seeing the reverse of that trend, and CISOs want help with better defaults and offboarding legacy tech.
Security oversight
There is also the thorny issue of cloud misconfiguration. Zcaler’s Cloud (In)Security research found that over 98% of organisations have some kind of misconfiguration that cause critical risks to data and infrastructure. While supply-chain attacks and large-scale breaches tend to make the news, many cloud-based attacks come down to basic security oversight. This can include port management, data protection, configuration settings, as well as identity management. “So, if you can do a better job right from the start, you can really reduce the attack surface and help prevent a lot of attacks,” says Conway.
According to Gartner, more than 70% of enterprises will use cloud platforms to accelerate their business initiatives by 2027. Cloud providers are responsible for securing their cloud infrastructure, and customers are in charge of securing their own data and applications in the cloud. A common recommendation is to use a cloud security posture management (CSPM) tool such as Check Point CloudGuard, Fortinet’s Lacework FortiCNAPP, or Google’s new cloud security buy, Wiz. Gartner predicts the CSPM market will reach $6.1bn in the next three years. And while visibility is one matter, seeing is simply not enough; businesses will also need remediation.
AI secure posture management (AI-SPM) is how organisations can handle the security challenges that come with using managed or self-hosted AI services and tools. Wiz’ ‘The State of AI in the Cloud 2025’ found that over 85% of organisations are using some form of AI in their cloud environments, which suggests the need for robust security measures.
CSPM and AI-SPM tools are important in maintaining security consistency, visibility and control in the multicloud landscape. A SAS study found that 99% of technology decisionmakers at enterprise organisations face data challenges with multiple clouds. Customers may have adopted a multicloud strategy to avoid vendor lock-in, optimise resource usage, improve cost-efficiency and leverage diverse functionalities from different cloud providers, says Kunle Ogunfolabi, technical lead for West, East and Central Africa at Nutanix, “but multicloud environments can quickly become a blind spot.” The complexity in managing multiple cloud providers and their different stacks and APIs isn’t just about coverage, it’s about clarity, configuration and control at scale. “Security is tough. It’s about understanding a myriad threats and controls,” says Check Point’s Zafrir. In the end, better cloud security means understanding your own environment, anticipating and remediating threats and implementing a strategy that improves visibility.
PICTURE THIS
Even though public cloud service providers offer baseline security, keeping data safe is still up to IT and security teams. With so many security frameworks – NIST, ISO 27001, FedRAMP, among others – security teams often look for practical guidance that covers them all. The Center for Internet Security (CIS) is a non-profit organisation responsible for the CIS Controls and CIS Benchmarks, two globally recognised best practices for securing IT systems and data. While implementing these benchmarks and controls can help harden systems, there’s another way to ensure compliance with less maintenance – hardened images. “Hardening is a process of limiting potential weaknesses that make a system vulnerable to cyber attacks,” says Don Freeley, VP of IT Services at CIS. “Coming out of the box, most operating systems are not secure enough to operate in a public cloud environment or a public environment at all.” Default cloud images prioritise ease of use, not security, leaving key settings exposed unless teams manually lock them down. This is why CIS developed pre-hardened, or pre-configured, virtual machine (VM) images that reside in the cloud and enable users to cost-effectively perform routine computing operations without having to invest in local hardware and software. A VM image is like a template for launching a virtual machine. It includes the operating system and the settings that determine how that system behaves in the cloud. Manually hardening VM images requires effort. You have to consistently check and validate security configurations, maintain those configurations and keep them updated over time. This process is time-consuming and errorprone. Hardened images, on the other hand, help address common, compliance-related hurdles and deliver better cloud security. According to research from HFS, around two-thirds of organisations have made strategic cloud investments, but less than a third have realised their goals. One of the reasons for this is that they didn’t consider security and compliance at the outset of their cloud migration programme. Hardened images require minimal maintenance and provide a standardised, pre-configured environment that meets industry-recognised security benchmarks from the beginning. “Bolting on security at the end is always hard – and it’s always less effective than integrating it from the beginning,” says Freeley. It’s a simple way to start securing in the cloud, and not scramble to fix gaps later.
* Article first published on brainstorm.itweb.co.za
Share