The hidden gaps in your cloud security fabric

Your cloud isn’t as secure as you think—attackers thrive in the blind spots between workloads.

Opinion by Doug Merritt, published 25 November 2025

The biggest cloud threats now hide in plain sight.

The cybersecurity landscape has undergone a seismic shift. As enterprises race to adopt multicloud architectures, containerized applications, and artificial intelligence, the traditional perimeter-based approach to security is proving dangerously outdated.

What used to be internal traffic within a protected data center now moves across public infrastructure, often without adequate visibility or control. In this new reality, organizations are increasingly blind to the vulnerabilities within their own cloud environments.

Doug Merritt, Chief Executive Officer, Aviatrix.

Many companies experience difficulties integrating cloud firewalls into their broader security strategies. Many more struggle to monitor and secure east-west traffic, the lateral movement of data between cloud-native applications, leaving significant gaps that attackers can exploit.

Perhaps most alarming: many enterprises have almost no control over egress traffic, the very channel attackers most often use, once they are inside, to establish command-and-control communications and to exfiltrate data.

The Expanding Attack Surface

These gaps stem from a fundamental misunderstanding of where risk now resides. Security models still rooted in the idea of a hardened outer shell fail to account for today’s atomized, dynamic, and decentralized environments.

Every virtual private cloud (VPC), Kubernetes cluster, ephemeral container, and API endpoint now acts as a potential entry point.

This explosion of mini-perimeters means that what once constituted a single attack surface has now fractured into thousands, or even hundreds of thousands, of potential vulnerabilities.

The adoption of technologies like Infrastructure as Code (IaC), AI, and containerization has introduced speed and scalability into enterprise environments. But it has also outpaced the ability of many security teams to monitor and govern deployments effectively.

The rapid rise of employee-led AI initiatives, often deployed outside formal IT governance, further complicates matters by creating data pathways that evade traditional controls.

In parallel, multicloud strategies introduce architectural complexity. Each cloud provider has unique tooling, policies, and configurations, forcing security teams to juggle inconsistent frameworks across environments.

This fragmentation creates blind spots, especially at the communication points between workloads in different clouds, where consistent policy enforcement is nearly impossible.

What was once a clearly defined boundary has become a porous mesh of unmonitored connections. In many cases, east-west traffic is still implicitly trusted, despite its growing role in enabling lateral movement during attacks.

And egress traffic, the outbound path workloads take to the internet, is often wide open by default.

For example, a VM in Azure typically spins up with unrestricted outbound internet access. Internet access means that anyone with an internet connection can find and communicate with that workload.

These workloads represent opportunities for attackers to lodge themselves where they can patiently study the environment, gain additional privileges, and begin to move laterally, eventually planting dangerous malware or quietly siphoning data out.

Rethinking the Cloud Security Fabric

The traditional approach to internet security, building walls at the edge, isn't applicable to enterprise cloud environments. Instead, organizations must adopt a model that embeds security directly within the network fabric of the cloud.

This inside-out approach focuses on the actual communication paths between workloads, rather than mythical cloud perimeter defenses that are increasingly easy to bypass.

This emerging concept, pioneered and referred to by Aviatrix as cloud native security fabric (CNSF), reimagines security as a distributed enforcement layer that travels with workloads and adapts in real time to changes in topology.

Even more importantly, it uniformly addresses the very different generations of workloads that typically coexist across enterprise landscapes: "VM-tethered" monolithic apps that were lifted and shifted to the cloud, as well as modernized applications built with the far more efficient and ephemeral Kubernetes and serverless approaches.

Key principles of this approach include:

- Embedded Security: Enforcement policies and controls are implemented within the infrastructure itself, not applied from an external network.

- Dynamic Segmentation: Security policies adapt as workloads spin up, down, or shift locations, driven by intent-based policies.

- Identity-Aware Controls: Access decisions are based on workload identity and context, even for encrypted communications.

- Egress Visibility and Control: Outbound traffic to the internet is inspected and governed, closing a critical blind spot for data exfiltration.

- Frictionless Enforcement: Security mechanisms operate in real time without hindering development velocity.
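The wide-open egress default described earlier and the principles just listed, worked through as an added example that is not the article's own code nor Aviatrix's: a small Python evaluator that attributes each flow record to a workload identity from an inventory, applies intent-based rules, and denies anything for which no intent is stated, for east-west and egress traffic alike. The workload inventory, labels, addresses, rule format and flow-log rows are all constructed for the example.

```python
"""Identity-aware, default-deny policy check over cloud flow records.
Added example, not code from the article or from Aviatrix; every name,
label, address and rule below is constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

PRIVATE_RANGES = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
                  ip_network("192.168.0.0/16")]


@dataclass(frozen=True)
class Workload:
    name: str
    labels: frozenset      # identity and context, e.g. app=web, env=prod


@dataclass(frozen=True)
class Rule:
    name: str
    src_labels: frozenset  # every label must be present on the source workload
    dst_labels: frozenset  # every label must be present on the destination ...
    internet: bool         # ... or, if True, the destination must be the internet
    ports: frozenset
    action: str            # "allow" or "deny"


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int


# Constructed inventory (address -> identity). In a real fabric this comes from
# the cloud control plane and changes as workloads spin up and down.
INVENTORY = {
    "10.1.0.10": Workload("web-1", frozenset({"app=web", "env=prod"})),
    "10.1.0.11": Workload("web-2", frozenset({"app=web", "env=prod"})),
    "10.2.0.20": Workload("db-1", frozenset({"app=db", "env=prod"})),
    "10.3.0.30": Workload("ci-runner", frozenset({"app=ci", "env=dev"})),
}

# Intent rules: only what is stated here is allowed; everything else is denied.
RULES = [
    Rule("web-to-db", frozenset({"app=web"}), frozenset({"app=db"}),
         False, frozenset({5432}), "allow"),
    Rule("web-egress-https", frozenset({"app=web", "env=prod"}), frozenset(),
         True, frozenset({443}), "allow"),
]


def is_internet(ip: str) -> bool:
    """Egress means the destination lies outside every private range."""
    addr = ip_address(ip)
    return not any(addr in net for net in PRIVATE_RANGES)


def classify(flow: Flow) -> str:
    return "egress" if is_internet(flow.dst_ip) else "east-west"


def evaluate(flow: Flow, rules=RULES) -> tuple:
    """Return (action, rule_name); no matching intent yields ('deny', 'default-deny')."""
    src = INVENTORY.get(flow.src_ip)
    dst = INVENTORY.get(flow.dst_ip)
    if src is None:
        return "deny", "unknown-source"   # an unidentified workload gets no trust
    for rule in rules:
        if not rule.src_labels <= src.labels or flow.dst_port not in rule.ports:
            continue
        if rule.internet:
            if not is_internet(flow.dst_ip):
                continue
        elif dst is None or not rule.dst_labels <= dst.labels:
            continue
        return rule.action, rule.name
    return "deny", "default-deny"


def audit(flows) -> list:
    """Evaluate each flow and return the rows a defender would review."""
    rows = []
    for f in flows:
        action, rule = evaluate(f)
        src = INVENTORY.get(f.src_ip)
        rows.append({"src": src.name if src else f.src_ip, "dst": f.dst_ip,
                     "port": f.dst_port, "type": classify(f),
                     "action": action, "rule": rule})
    return rows


# Constructed flow-log rows; the comments give the verdict each should get.
SAMPLE_FLOWS = [
    Flow("10.1.0.10", "10.2.0.20", 5432),    # web -> db: stated intent, allow
    Flow("10.3.0.30", "10.2.0.20", 5432),    # dev CI -> prod db: no intent, deny
    Flow("10.1.0.10", "203.0.113.7", 443),   # web -> internet 443: allow
    Flow("10.1.0.11", "203.0.113.7", 8443),  # web -> internet 8443: deny
    Flow("10.2.0.20", "198.51.100.9", 443),  # db -> internet: deny, no egress intent
]
```

Calling `audit(SAMPLE_FLOWS)` yields one row per flow with the rule that decided it, so every row marked `default-deny` is precisely the traffic a permissive cloud default (such as the unrestricted outbound access on a freshly created VM) would have let through silently. Decisions key off workload identity rather than addresses, which is what lets the same policy follow a workload when it is rescheduled to a new address.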

This shift doesn't mean abandoning existing security tools but rather enabling them to reach areas of the environment they currently miss. By embedding enforcement into the cloud fabric, insights from monitoring tools can translate into immediate, automated action, closing the gap between detection and response.

The Path Forward

The implications for enterprise security teams are clear: either evolve or fall further behind. Cloud environments demand security models that are just as scalable, dynamic, and distributed as the workloads they support.

Organizations must shift their focus from guarding the edges to securing the connective tissue between services.

That means:

- Prioritizing east-west traffic monitoring and segmentation.

- Eliminating implicit trust between cloud workloads.

- Enforcing visibility and control at the egress perimeter.

- Embedding enforcement capabilities directly into cloud infrastructure.

- Treating security not as a gatekeeper but as an enabler of speed and innovation.

The battlefield has moved. The biggest threats no longer sit at the front gate; they lie hidden between workloads, and in the unmonitored outbound traffic that attackers exploit.

Enterprises that continue to rely on outdated models are not just behind; they’re blind to the risks that may impact them the most.
