The cloud’s real security crisis

The cloud was supposed to dramatically simplify security. Instead, both it and the hybrid mesh (combining clouds and data centres into a giant, complex environment) have become the greatest source of blindness in IT history. Every day, a cloud environment changes thousands of times. And the visibility and observability of, and insights into, what’s moving through it? It’s a static picture from last week, or month, or year, if you’re lucky enough to have any picture at all. This new blind spot is both dangerous and incredibly risky.

 

Organisations and the cyber-security industry have finally accepted what we’ve all known for many years: breaches are inevitable. And as they say, the first step to solving any problem is admitting you have one. Unfortunately, we took far too long to get here, and attackers are becoming smarter and more sophisticated every single day. So now we have to ask the most urgent question: why are we still so blind once a breach occurs?

 

It’s good news that we’ve stopped pretending we can keep every piece of ransomware and attacker out. Now, in a post-breach world, cyber-security has two missions: prevent whatever attacks we can; and for those we can’t, find and prevent them from spreading as quickly as possible. Unfortunately, we have never focused on building the tools to show us the real threats and insights into what’s moving inside our environments. Despite spending a projected $212 billion in 2025 on new security tools and services, we’re still flying blind.

 

Promised simplicity... but actually just more of the same

 

The move to the cloud was supposed to solve problems by giving us speed, scale and, most importantly, greatly increased transparency. Instead, we got more of the same, and then some. We now have a complex, hybrid, multi-cloud networked environment, making even the most basic observability almost (if not entirely) impossible.

The cloud world is the same black hole we’ve had for decades, just much bigger and significantly more complicated.

 

The cloud has made environments more complex and with more sprawl than ever before. Systems and services run across multiple clouds, regions and platforms. And despite the proliferation of clouds, we still have plenty of data centres being run and built. Not surprisingly, our ability to observe and understand these highly connected environments has fallen behind. Attackers are using our lack of visibility and insights into our own environments to penetrate, live inside for months (or years), and exfiltrate our most sensitive data, information and secrets.

 

As the expression goes: the defender must be right 100 per cent of the time. The attacker only must be right once.

 

The hybrid world didn’t just increase the attack surface – it exploded it exponentially. Unfortunately, when things get this complex, they also get harder to see, harder to understand, and nearly impossible to defend.

 

You can only defend what you can see

 

Every breach follows almost exactly the same playbook. The attackers get in, move laterally and hide easily because we are flying blind (often for months or even years). Finally, when they reach critical assets, they exfiltrate whatever they want. They succeed partly because they are getting smarter and more sophisticated with every attack. However, more often than not, they are successful because we don’t know they are even there, and we don’t have the tools to find them.

 

It’s not a data problem. We have more data, logs and telemetry than ever before. Our issue is that traditional security tools weren’t built for this world, and didn’t contemplate solving this problem. Dashboards, list of assets and network recorders all generate data, but the insights and information we need in real-time are still a mystery.

 

The graph is the future, and it’s here today

 

We have the data, but not the information we need to defend ourselves in the post-breach world. We need real-time, complete understanding of what is in the environment, how things are connected and talking to each other, and insights into the risky traffic and connections that are occurring all the time without our knowledge.

 

The security graph creates a living map of your environment, and the AI-powered security graph helps us to both understand it and find the risk within it.

 

We must put an end to thinking cyber-security is about generating more alerts or manually sifting through unending data to find the next clue that may or may not be valid. Just as attackers have become more sophisticated, defenders and the tools we use must do the same. The AI-powered security graph uncovers every needle in every haystack to ensure that once the threat is inside, we find and stop it from spreading as quickly as possible.

 

The reality is that attackers have been thinking in graphs for years, while defenders have been stuck thinking in lists. In the extraordinarily complex, multi-cloud, hybrid mesh world of 2025, the defender’s math no longer works. If we’ve learned anything from breach after breach, it should be the understanding that attackers don’t have to rely on much to compromise the environment. They take advantage of the lack of visibility and blind spots that we’ve created to get in, stay in and move around unnoticed for far too long.

 

The visibility and insights that only the AI-powered security graph can deliver give us the real answer to increasing cyber-resilience and will allow us to survive and thrive in the post-breach world.

---

Contain the breach with Illumio