Cloud solutions are more widespread – and therefore more exposed – than ever.
In 2023 alone, 82% of data breaches involved public, private, or hybrid cloud environments, and nearly 40% of breaches spanned more than one cloud environment. Breaches of cloud-hosted data also cost more than the overall average of $4.75 million per breach. Cloud has become the de facto standard, with 65% of IT decision makers saying that cloud-based services are their first choice when upgrading or purchasing new solutions, yet despite that importance, cloud security still faces multiple challenges.
Security challenges in the cloud
One of the biggest obstacles is the lack of visibility. Unlike physical servers that you can see and touch, cloud resources are spread across many accounts, regions and services, which makes suspicious activity hard to monitor and leaves vulnerabilities undetected. Another challenge is the inconsistency between cloud providers' permission models. Each provider has its own way of expressing who can access and modify data, and the same intent has to be written differently in each. This inconsistency creates complexity and increases the risk of accidental misconfigurations, which are a leading cause of breaches.
With multiple teams involved in cloud implementations (development, operations, security), ownership of and responsibility for cloud security is often unclear. This lack of coordination leads to situations where security best practices are overlooked or bypassed. On top of that, many attacks move from the cloud into on-premises environments and vice versa, which puts both environments at risk.
All of these challenges highlight the need for cloud security solutions that provide complete visibility, standardized permissions management and clear lines of responsibility. However, security resources are limited even in the best-equipped teams, and cloud security teams are expected to investigate and remediate thousands of exposures that do not all have the same impact on critical resources. This leads to uncertainty about what to address first and how to work through all identified exposures, leaving cloud environments open to attack.
Ongoing management of exposure is essential
Instead of chasing countless vulnerabilities, security teams need to prioritize the most critical ones. This means being able to quickly identify the most dangerous attack paths and take preventative actions against advanced attack methods in the cloud.
By focusing on high-risk areas, cloud security teams can create targeted remediation plans that prevent serious attacks, streamline workflows, and accurately flag real threats across multiple cloud environments. The key to achieving this is Continuous Threat Exposure Management (CTEM), a proactive and continuous five-step program (scoping, discovery, prioritization, validation and mobilization) that reduces exposure to cyber attacks. First introduced by Gartner in 2022, CTEM has become a standard approach for preventing high-impact attacks, improving the efficiency of remediation, and reporting real risk.
CTEM was introduced to solve the problem of endless lists of exposures, and more specifically vulnerabilities, in on-premises environments. Without a way to highlight and remediate the most critical exposures, security teams scramble to patch CVEs that may or may not be exploitable or impactful in their specific environment. In multi-cloud environments, vulnerability lists may be shorter, but combined with misconfigurations and highly privileged access they still add up to a long list of exposures that attackers can chain together to breach the environment and that security teams have to deal with. The only way to stop such attacks is to identify and remediate the exposures with the greatest impact on the business, which requires applying the CTEM framework to the cloud environment.
Solve what matters in multi-cloud
To help cloud security teams address what matters and block high-impact attacks in multi-cloud environments, a comprehensive CTEM program highlights the highest-impact entities that can be used to compromise cloud resources. A CTEM program identifies the cloud resources that can be compromised and uncovers the exposures attackers could use to compromise them. Mapping the attack paths an attacker could follow makes it possible to prioritize and validate the most impactful exploitable exposures in the multi-cloud environment and address those first.
For example, taking the attacker's perspective helps you identify choke points. Choke points are critical weak spots in cloud defenses where multiple attack paths converge on a single exposure. An attacker who compromises one gains access to a wide set of resources: databases, compute instances, identities, and more. By prioritizing these high-impact entities, security teams focus on the targets most attractive to attackers and maximize the return on their security effort. The most common choke points include internet-facing systems and unused login accounts; fixing them significantly reduces the attack surface and hardens the entire cloud environment.
Figure: Cloud choke point example showing inbound and outbound attack paths
Another example of high-impact exposure is highly privileged default access. Highly privileged accounts, such as default administrators, are "game-over" resources: once an attacker controls one, they can reach and damage almost anything in the environment. A comprehensive CTEM approach identifies these accounts and uncovers the weaknesses that make them reachable, such as administrative access without multi-factor authentication (MFA) or unused service accounts with standing privileges; in short, exactly the weaknesses an attacker would look for.
To ensure critical exposures are actually fixed, advanced exposure management solutions provide guidance and alternative remediations. In most cases a highly privileged account or an internet-facing resource cannot simply be removed or locked down, but analyzing the attack paths that lead to it reveals fixes elsewhere on the path that reduce its exploitability, and therefore its risk, without changing the resource itself.
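As an added example (not code from XM Cyber's article or product), the following Python models the choke-point and what-if reasoning described in the two passages above on a small, constructed attack graph. It enumerates every attack path from an internet entry point to two critical assets, ranks the intermediate nodes by how many paths pass through them (the choke points), and then measures how many paths survive each candidate fix, which is how you compare remediation alternatives when the admin account or internet-facing host itself cannot be removed. Every node name, edge and technique label is an invented assumption for illustration.

```python
from collections import defaultdict

# Constructed sample attack graph (not real customer data). Each edge means: an
# attacker who already controls `src` can take over `dst` through `technique`.
# Node names and techniques are illustrative assumptions, not findings.
EDGES = [
    ("internet", "web-vm", "internet-facing host, unpatched service"),
    ("internet", "vpn-gateway", "internet-facing VPN portal"),
    ("web-vm", "ec2-instance-role", "credentials read from instance metadata"),
    ("web-vm", "stale-ci-service-account", "unused access key found in a config file"),
    ("vpn-gateway", "ad-user-bob", "password spray, MFA not enforced"),
    ("ad-user-bob", "ad-domain-admin", "cached domain admin credentials on workstation"),
    ("ad-domain-admin", "aws-admin-user", "federated SSO admin, MFA not enforced"),
    ("stale-ci-service-account", "aws-admin-user", "unused access key can assume admin role"),
    ("ec2-instance-role", "aws-admin-user", "over-permissive iam:PassRole"),
    ("ec2-instance-role", "s3-customer-data", "s3:GetObject on the bucket"),
    ("aws-admin-user", "s3-customer-data", "administrator access"),
    ("aws-admin-user", "rds-prod", "administrator access"),
]
CRITICAL_ASSETS = {"s3-customer-data", "rds-prod"}   # "game-over" targets
ENTRY_POINT = "internet"


def build_adjacency(edges):
    adj = defaultdict(list)
    for src, dst, technique in edges:
        adj[src].append((dst, technique))
    return adj


def attack_paths(edges, source, targets):
    """Enumerate every simple path from `source` to any node in `targets`.
    Critical assets are terminals: the walk never continues through them."""
    adj = build_adjacency(edges)
    paths = []

    def walk(node, path):
        if node in targets:
            paths.append(list(path))
            return
        for nxt, _ in adj.get(node, []):
            if nxt not in path:          # simple paths only, so cycles cannot loop forever
                path.append(nxt)
                walk(nxt, path)
                path.pop()

    walk(source, [source])
    return paths


def rank_choke_points(edges, source, targets):
    """Rank intermediate nodes by the number of attack paths that pass through them,
    then by how many distinct critical assets those paths reach. The top entries are
    the choke points: fixing one of them cuts the most paths at once."""
    through = defaultdict(int)
    assets = defaultdict(set)
    for path in attack_paths(edges, source, targets):
        for node in path[1:-1]:          # skip the entry point and the target itself
            through[node] += 1
            assets[node].add(path[-1])
    ranked = sorted(through, key=lambda n: (-through[n], -len(assets[n]), n))
    return [(n, through[n], len(assets[n])) for n in ranked]


def paths_after_fix(edges, source, targets, fixed_technique_substring):
    """What-if analysis for a remediation alternative: drop every edge whose technique
    label mentions the weakness being fixed and count the attack paths that survive."""
    remaining = [e for e in edges if fixed_technique_substring not in e[2]]
    return len(attack_paths(remaining, source, targets))


if __name__ == "__main__":
    for node, n_paths, n_assets in rank_choke_points(EDGES, ENTRY_POINT, CRITICAL_ASSETS):
        print(f"{node:28s} paths through: {n_paths}  critical assets reachable: {n_assets}")
    baseline = len(attack_paths(EDGES, ENTRY_POINT, CRITICAL_ASSETS))
    print(f"\nbaseline attack paths: {baseline}")
    # Compare remediation alternatives without touching the admin account itself.
    for fix in ("MFA not enforced", "unused access key", "internet-facing host", "iam:PassRole"):
        print(f"fix '{fix}': {paths_after_fix(EDGES, ENTRY_POINT, CRITICAL_ASSETS, fix)} paths remain")
```

In this toy graph the admin user sits on six of the seven paths and the internet-facing VM on five, so those are the choke points; patching the VM leaves two paths, while enforcing MFA, deleting the stale access key, or tightening the PassRole permission each leaves five, which is the kind of comparison that decides what to fix first. A real exposure-management tool derives the edges from actual permissions, network reachability and vulnerability data rather than hand-written labels, and it cannot enumerate every simple path on a large graph, so it uses reachability and cut analysis instead of the brute-force walk shown here.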
Stop attacks on hybrid environments
Attackers are not stopped by the boundary between on-premises and cloud, and defenders must make sure they are not either. Solutions that analyze hybrid attack paths across on-premises and multi-cloud environments let security teams stay one step ahead of attacks by showing exactly where they are exposed. These tools provide details on potential breach points, the attack techniques and permissions used at each step, and alternative remediations, so that teams can address the exposures and block the most critical attack paths.
Figure: Example of a hybrid attack path across Microsoft Active Directory and AWS
Summary
While traditional cloud security struggles with the sheer volume of exposures, CTEM offers an actionable remediation plan by focusing on the ones that are most critical in a specific environment. The right approach to CTEM covers both on-premises and multi-cloud, that is, the entire IT landscape. This holistic approach eliminates blind spots and lets organizations move from reactive to proactive defense. By adopting CTEM, organizations can secure their place in a cloud-based future.
Note: This expert-provided article was written by Zur Ulianitzky, VP Security Research at XM Cyber.