The Hazy Cloud Space Is Expected To Be Full Of Threats!

Nowadays most businesses are thinking of moving to cloud environments if they haven’t moved already. Cloud computing offers a range of benefits to businesses including cost-effective data storage, quicker turnaround, faster deployments, scalability, enhanced collaboration, remote working and more. All this is achieved without the need for physical hardware or a centralized location.

Today, businesses rely on data to function and with the extensive use of data and the desire of businesses to acquire more, the security of data storage becomes a big question. While many businesses choose to continue storing their data in physical data centers, some have begun making the move to cloud-based data centers. This offers them agility in business processes and seamless data storage reducing the need for physical storage space.

According to Gartner, the predicted CAGR of global public cloud services will be 18.24%, making it reach $1 trillion by 2026, as compared to the estimated value of $604.9 billion in 2023. Along with that, by 2025, 95% of new digital workloads will be on cloud platforms, as compared to 2021’s 30%.

The current competition amongst cloud service providers to cater to the increasing number of businesses looking to make the switch has kept prices competitive. This makes it easier for organizations to consider cloud environments and cloud-based data centers.


However, despite its advantages, cloud computing and cloud infrastructure aren’t safe from eCrime and according to studies, this isn’t going to stop any time soon. With the growing popularity of cloud services, threat actors are also realigning themselves. Since public cloud infrastructure doesn’t have defined perimeters, it opens doors to such threats.

A noted intrusion technique is the exploitation of vulnerabilities in known remote code execution (RCE), which includes scanning for vulnerable servers. Additionally, cybercriminals host fake pages to acquire authentication credentials.

Although the use of malware as an intrusive method has reduced, gaining command and control is still prevalent. This is done by threat actors using genuine cloud services for delivery, as many network scanners trust such cloud hosting services. Another threat area is where the cloud service provider itself is manipulated to offer inside roads to networks within the cloud.

Darren Reid (Director - Security Business Unit, VMWare) believes that cloud computing needs an “intrinsic” approach to security, adding, “Security must be built-in, rather than bolted-on”.

He believes that as apps have been modernized and the move to the cloud has accelerated, many organizations have forgotten about the “controls that we used to have”. Adding to that he said, “We’re accessing data via unsecured networks and all of that structure we used to have around us is basically gone”.

According to him, it’s important to know the first point of entry while trying to secure networks. “You can limit to laptops, or segment networks. That’s ok,” he said, adding, “But if an attacker is inside your apps, data is being exfiltrated and you’re about to be ransomed”.


While organizations feel cloud security is a given when purchasing cloud space, that is a misconception. With the increasing incidents in cloud space, businesses must employ effective security protocols for themselves. One such option is Zero Trust, which does not provide trust between services. Another platform finding use in cloud space is Extended Detection and Response (XDR) platforms, which provide extensive visibility across networks and endpoints.

What do you think of the move to cloud space for data storage or cloud computing and do you think there will soon be tools able to thwart cybercriminals? Let us know in the comments below!