The industry speaks: World Cloud Security Day 2025

From our own Rapid7 analysis, cloud misconfigurations continue to remain one of the biggest security gaps, and they can often result in breaches. Furthermore, there are many organisations that still misunderstand the shared responsibility model, assuming cloud providers fully protect their data. Unfortunately, this misconception leaves organisations vulnerable to cyber attacks.

Given that AI-powered attacks are on the rise, businesses must prioritise continuous monitoring to increase visibility, proactive threat detection to mitigate threats sooner, and security automation to reduce noise and drive efficiency. Compliance is also evolving, and failing to stay ahead could result in regulatory penalties and reputational damage.

Cyber security isn’t just a technical challenge. It remains a business imperative, and strengthening cloud defences now will help ensure organisations can innovate securely and thrive in an increasingly digital world.

Charles Chu
General manager, IT and developer solutions, at CyberArk

VIEW ALL

World Cloud Security Day is a timely reminder of the critical need for robust cloud identity security. Cloud-native organisations operating in complex, multi-cloud environments are navigating a rapidly evolving landscape and an explosion of identities – both human and machine – that traditional security models struggle to manage. The lack of visibility and inability to manage unchecked privileged access swiftly results in greater vulnerability, risk and compliance issues.

To address this, organisations should adopt a phased approach – starting with regulatory compliance and advancing to more sophisticated security measures. Implementing Zero Standing Privileges helps to minimise attack surfaces, while centralising identity management ensures consistent enforcement across cloud services. A proactive, comprehensive approach to cloud identity security is essential to safeguard organisational assets in an increasingly complex digital environment.

Morey J. Haber
Chief security adviser at BeyondTrust

World Cloud Security Day marks not just a date, but a reminder of how cloudy our digital skies can become. As organisations transform workflows with an increasing dependency on the cloud, their exposure to sophisticated cyber threats rises accordingly.

This day serves as a reminder that cyber attacks are not just about securing infrastructure; this day and our dependency on the cloud reminds us to reshape our business culture, embedding vigilance into every service we operate outside of our traditional corporate perimeter.

Breaches today are not surprises; they are indicative of gaps between rapid innovation and faults in secure-by-design maturity. Cloud Security Day compels us to confront uncomfortable truths regarding convenience, innovation, security, and privacy. This day reminds everyone, not just security professionals, that we must embrace security not as an add-on, but as a foundational component woven directly into our daily habits and the digital fabric that makes up the services in the cloud. To that end, the cloud will not secure itself; that is a distinctly human responsibility, and this day serves as a reminder for all of us to be vigilant every day with cloud security.

Alex Smith
Director of IT & Corporate Security at Censys

As industry professionals, we know that “cloud security” has become synonymous with simply ‘Security’ these days. Our identity, email, and storage providers are quickly becoming cloud-based. With more and more of these systems natively being hosted on the internet, the chances for unintended exposure are that much higher. As we scale our systems to match the ever-increasing reliance on cloud services, visibility into our environments is absolutely crucial. While we often focus on what we know, we need to be expending more energy towards surfacing the unknowns. A lack of visibility can lead to misattributed internet-facing assets and outdated data, leaving exposures unsecured for days, weeks, [and], sometimes, years.

While a large portion of these exposures are found in cloud services and account for most of an organisation’s attack surface, it’s important that we not overlook the importance of smaller, isolated endpoints and the systems they operate. A research study in 2024 of Industrial Control Systems (systems that control our water/wastewater systems and agricultural processes) observed that over 145,000 were exposed globally, 22 per cent of that number in Asia alone. Threat actors taking advantage of these exposures can wreak havoc on unsuspecting populations with no forewarning. As a result, digital exposures of this magnitude will not just cost companies money, they could end up costing lives.

Les Williamson
Managing director, Australia and New Zealand, at Check Point Software Technologies

Modern cloud security relies on maintaining control across a distributed and complex infrastructure. A zero-trust framework is essential for this. In a zero-trust framework, every component of an organisation’s security architecture is designed to minimise risks and prevent unauthorised access, regardless of the environment.

Ensuring that only authorised users can access resources is a fundamental part of zero trust. Effective frameworks continuously authenticate and verify user identities, making sure that every access request is thoroughly checked before granting permission. Authentication methods like MFA add additional layers of protection to traditional layers like a password. This goes hand-in-hand with a least privilege access (LPA) policy, which ensures that users are granted the minimal level of access necessary for their specific tasks. This limits the potential for lateral spread in the event that any individual’s account is compromised, as well as accidental misuse. With an effective zero-trust framework, access privileges can be adjusted based on real-time factors so users are able to get the information they need without compromising the security of the larger network.

Equally important is endpoint protection. The traditional security perimeter is no longer relevant, as large segments of the workforce connect remotely or in a hybrid arrangement. Security rules must be applied to every endpoint and connected device, including laptops, mobile devices, tablets, and IoT devices. Ensuring that all of these devices meet specific security requirements before they’re granted access to corporate resources is essential – this can mean up-to-date antivirus protection, up-to-date or specific operating system patches, or updated encryption standards, for example.

Ezzeldin Hussein
Senior director, solutions engineering, at SentinelOne

Cloud security is the foundation of digital trust. Without it, innovation is at risk. As organisations accelerate their digital transformation, the cloud has become the backbone of modern business operations. But with great opportunity comes great responsibility – securing the cloud is no longer optional; it is a necessity. Threat actors continuously evolve, exploiting vulnerabilities in cloud environments, making proactive security measures critical to resilience.

Cloud security is not just about protection; it’s about trust, resilience, and enabling innovation. In an era where data fuels businesses, securing the cloud is securing the future.

World Cloud Security Day serves as a reminder that security is a shared responsibility. Organisations must adopt a zero-trust mindset, leverage AI-driven threat detection, and enforce strong identity and access management policies to safeguard their cloud assets. Security is not a roadblock – it is an enabler of innovation, ensuring businesses can operate with confidence.

Let’s use this day to commit to stronger cloud security practices, foster cyber security awareness, and drive collaboration to build a future where cloud security is woven into every layer of digital transformation. After all, a secure cloud means a secure tomorrow.

Mathieu Chevalier
Principal security architect at Genetec

Cloud solutions are increasingly becoming the preferred choice for businesses looking to get the best of both worlds. By embracing cloud and hybrid-cloud deployments in physical security, organisations can reduce the complexity of maintaining on-premises systems while maintaining a strong cyber security posture.

To strengthen security in the cloud, Genetec recommends the following:

Adopt solutions that support a zero-trust security model – A zero-trust approach ensures that no device, user, or system is automatically trusted, regardless of its location. Every access request is verified, reducing the risk of unauthorised access.

Regularly update and patch systems – Cloud solutions automatically provide software and firmware updates, ensuring vulnerabilities are addressed without delay. Regularly updating and patching your system is crucial for maintaining security.

Implement granular access control – Limit user access based on roles and responsibilities. Utilise strong user authentication measures, such as multifactor authentication, to minimise the risk of unauthorised access.

Establish data sovereignty and redundancy – Choose a cloud provider with data centres in multiple locations to ensure data is stored in compliance with local regulations and to provide disaster recovery options. Data redundancy is key to maintaining business continuity in case of an outage.

Adopt cloud-managed appliances for enhanced cyber security – Replace older proprietary NVRs with cloud-managed appliances to connect existing devices to your cloud platform.

Collaborate with trusted partners – Work with trusted technology providers and channel partners who actively monitor security threats and assist in system hardening, ensuring that your systems are always secure.

Fabio Fratucello
Field CTO, international, at CrowdStrike

As organisations continue to accelerate their move to the cloud, they’re embracing its scale and speed to drive business transformation. However, with this rapid adoption comes expanded attack surfaces. Adversaries are exploiting stolen identity credentials to gain access to cloud environments – often undetected. According to CrowdStrike’s 2025 Global Threat Report, cloud intrusions jumped 26 per cent last year. Valid account abuse was the leading method of initial access, accounting for 35 per cent of all cloud incidents in the first half of 2024.

Traditional approaches to cloud security, where organisations rely on fragmented point cloud security tools, are simply not enough. Organisations should use World Cloud Security Day as a catalyst to assess the security of their cloud environments. To stop cloud breaches, security teams need a unified approach – one that protects cloud infrastructure, workloads, applications, identities, data, SaaS and AI models from a single platform. This closes protection gaps and reduces both complexity and cost. Additionally, security teams need to assess their current runtime protection and cloud detection and response (CDR) capabilities. As cloud security technologies – and threats – continue to evolve, visibility alone into cloud security posture is not enough. Organisations must focus on stopping the breach.