How to address cloud-native security risks in 2025

Gartner predicts that public cloud end-user spending will surpass $675 billion by the end of 2024. In 2025, as AI systems proliferate and organizations increasingly store sensitive data in public cloud infrastructure, many stakeholders will begin demanding more robust cloud security measures.

Additionally, cybercriminals are becoming more inventive than ever. They now rely on AI and machine learning (ML) to improve and iterate on their methods, just as we all do. Interestingly, despite advances in cloud security, research suggests that common vulnerabilities like unenforced multi-factor authentication (MFA) and long-lived credentials continue to expose many companies to risk. Patching these known vulnerabilities will be crucial next year.

Cybercriminals aren’t the only consideration. As businesses grow more reliant on cloud providers, they must also adapt to an increased focus on evolving security frameworks -- such as the National Institute of Standards and Technology (NIST), which provides crucial structures for data management, governance, and vulnerability control. In some industries, such security frameworks have regulatory mandates behind them, which means failing to comply can result in financial penalties, legal issues, and reputational damage.

To adapt to these emerging trends in 2025, IT leaders must actively manage data settings, access controls, and protections to ensure full compliance with the relevant regulations as well as security best practices. They should also commit to understanding the shared responsibility model and implementing best practices for cloud security.

Understanding the shared responsibility model

Many IT practitioners fail to understand where a cloud provider’s obligations end and a business’s responsibilities begin in terms of cloud security. That’s where the shared responsibility model comes in.

The shared responsibility model clarifies roles and distinctions so that misunderstandings about the division of responsibility never result in mismanaged configurations or unprotected data. It divides accountability between the cloud provider and the customer, helping businesses understand their specific roles in maintaining a secure cloud environment.

Cloud service provider responsibilities

Providers like Amazon Web Services (AWS), Azure, and Google Cloud Platform (GCP) are in charge of the security of the cloud itself. Their responsibilities include maintaining the physical security of data centers, managing the hardware infrastructure, and ensuring foundational services are up to standard. Providers also update and secure their cloud platforms, ensuring reliable uptime and compliance with infrastructure-related standards.

Customer responsibilities

Clients are responsible for securing anything within their cloud environment. This includes managing virtual machines, securing applications, implementing access controls, and encrypting data. Businesses must also comply with applicable regulatory standards. Some customers may work with a third-party partner, such as a managed service provider (MSP), to augment or manage these tasks.

Best practices for maintaining compliance

By following these steps (not particularly in order), organizations can build a framework that promotes both security and compliance:

1. Conduct regular risk assessments: Risk evaluations, such as continuous penetration testing, help organizations identify vulnerabilities in cloud infrastructure, applications, and data processes. By conducting such assessments on an ongoing basis, businesses can proactively address existing security stopgaps and refine their security practices.

2. Develop and implement security policies: Crafting comprehensive security policies around data protection, encryption, and incident response ensures a standardized approach across the organization. Update these policies regularly to reflect the most up-to-date procedures.

3. Backup and encrypt sensitive data: Back up and encrypt data at rest and in transit to minimize the risk of unauthorized access, corruption, or data loss.

4. Set up and review access controls: All systems should observe role-based access control (RBAC) based on the principle of least privilege. Remember to regularly review and adjust permissions based on role changes and usage patterns.

5. Implement data classification: Review data and classify it based on sensitivity. Then, implement targeted security measures that carefully guard the most sensitive data, such as personally identifiable information (PII) or otherwise confidential records.

6. Train employees on security best practices. Despite major advances in cloud computing and security over the last decade, human error remains the #1 source of breaches. So, educate employees on cybersecurity risks, phishing prevention, and proper cloud usage.

7. Automate security processes: Leverage automation for tasks like backup creation, compliance monitoring, and threat detection. Automated solutions can also streamline compliance tracking, helping organizations stay prepared for audits.

8. Conduct security audits and regularly test controls: Routine audits and control testing enable organizations to assess the effectiveness of their security measures and make necessary adjustments. This proactive approach can reveal hidden vulnerabilities before they lead to compliance failures or security incidents.

9. Adopt a Zero-Trust model: A Zero-Trust model reinforces cloud security by requiring verification from every user, device, and application attempting to access the network. This strict approach mitigates risks associated with unauthorized access and compromised credentials.

10. Consider managed cloud security services or third-party support: Managed security services can be a strategic choice for organizations seeking specialized support with compliance management and risk mitigation. These providers offer expertise in handling regulatory standards, real-time monitoring, and security strategy, allowing internal teams to focus on strategic business initiatives.

Securing public cloud environments while maintaining compliance will be a challenging but necessary balancing act in 2025. Luckily, organizations can protect their cloud assets by understanding their role in the shared responsibility model, adopting best practices, and leveraging advanced security frameworks.

Jonathan Lerner is the CEO and president of InterVision and has overseen the product development and sales of a wide range of services which include hybrid cloud infrastructures,cybersecurity, AI, ML, SaaS, mobile, on-premise and on-demand services.