• Public cloud is an attractive target for ransomware and other cyberthreats.
• Yet most public cloud users don’t know where their infrastructure may be vulnerable to motivated attackers.
• Organizations need to take steps to take better control of their data and reduce their risk.

The adoption of cloud computing has revolutionized the way businesses operate, offering scalability, flexibility, and cost-efficiency. However, as Sunjeet Randhawa, Director of Government Affairs and Policy Counsel, Broadcom, recently pointed out in his blog, “Have We Reached a Public Cloud Tipping Point?,” a rising number of disruptive outages have caused organizations to rethink their cloud strategy. In this piece, we’ll explore the risks associated with public cloud and share key protection measures to mitigate these threats. ​

Understanding public cloud risks ​

Public cloud environments can create more security and compliance risks because companies do not fully control the underlying systems and must share infrastructure with other customers. At the same time, public cloud users often lack a clear, end-to-end view of how their systems are set up, how data moves, and the other identities using the same services. Public cloud risks include:

• Standardized Architecture: Public cloud providers use standardized tools, storage systems (e.g., S3), and networking configurations that are widely known. ​ Hackers can exploit this knowledge to breach infrastructure, potentially gaining access to multiple customers. ​
• AI-Enhanced Threats: AI-enabled cyberattacks are accelerating the discovery and exploitation of vulnerabilities. ​ AI also empowers lower-skilled attackers to carry out more complex attacks.. ​
• Cost and Certification Challenges: While public cloud solutions promise cost savings, organizations can face unexpected expenses, including compliance with government regulations like FedRAMP. ​
• Supply Chain Vulnerabilities: Public cloud providers serve a large customer base, making them attractive targets for attackers. ​ A breach in a public cloud environment can therefore lead to widespread disruption at multiple organizations.

The Shift to Private Cloud and Hybrid Cloud

As the threat landscape evolves, many organizations are shifting workloads to private and hybrid cloud environments. ​In fact, Gartner predicts that by 2027, 90% of organizations will adopt hybrid cloud strategies, leveraging both public and private clouds to optimize performance, security, and cost-efficiency. To mitigate the risks associated with public cloud environments, organizations must adopt robust security measures including: 

• Implement Zero Trust Security: Zero trust assumes no user or device is trustworthy by default. ​ Organizations should enforce least privilege access, ensuring that users only have access to the data and systems necessary for their roles. ​ This limits the impact of a breach. ​
• Monitor Network Activity: Continuous monitoring of network activity is essential to detect and respond to threats in real time. AI-powered tools, analytics, and automated alerts can help organizations identify unusual behavior, unauthorized access, and potential vulnerabilities. ​
• Use Encryption: Encrypting data both at rest and in transit is crucial to protect sensitive information from unauthorized access. Encryption ensures that even if data is intercepted, it remains unreadable without the decryption key.
• Regularly Update and Patch Systems: Outdated software and systems are common entry points for attackers. Organizations should implement regular updates and patch management processes to address vulnerabilities and keep their infrastructure secure.
• Conduct Security Audits: Regular security audits help identify weaknesses in cloud configurations and security protocols. Organizations should assess their cloud environments for compliance with industry standards and best practices.
• Leverage AI and Automation: AI-powered security tools can enhance threat detection and response capabilities. Automated solutions can identify vulnerabilities, block suspicious activity, and provide insights into potential risks, enabling organizations to stay ahead of attackers. ​

Future of Cloud Computing: 2025 and Beyond ​

The future of cloud computing will see businesses adopt more nuanced strategies to address their specific needs. ​ Key trends include:

• Hybrid Cloud Dominance: By 2027, hybrid cloud strategies will be the norm, allowing businesses to leverage the strengths of both public and private clouds. ​
• Enhanced Private Cloud Performance: Broadcom CEO Hock Tan recently highlighted the advancements in private cloud technology at VMware Explore, stating, “With VCF 9.0, private cloud now outperforms public cloud. ​ It has better security, better cost management, and greater control.” ​
• Rethinking Cloud Strategies: Businesses will increasingly evaluate their specific needs rather than adopting blanket cloud-first approaches. ​ Different workloads will be placed in environments that best meet their requirements for security, performance, and cost-efficiency. ​

The shift toward private and hybrid cloud solutions like VMware Cloud Foundation (VCF) reflects a growing recognition of the need for greater control, security, and adaptability in an evolving technological landscape. ​ While outages are unpredictable, there are steps you can take to improve your cyber resilience and business continuity when the unexpected happens. Learn how solutions from Symantec and Carbon Black, which earned AAA ratings with perfect scores on real-world tests from SE Labs, can benefit your organization.