Why Hybrid Cloud Security Is A Top CISO Priority For 2025

Forbes

22-07-2025

Jonathan Fischbein is the Chief Information Security Officer at Check Point Software Technologies.
Cloud infrastructure has become the backbone of modern IT frameworks, playing a critical role in supporting services ranging from email and data storage to application hosting and DevOps. As organizations continue to accelerate their adoption of cloud technology to streamline operations and drive business efficiency; they may also be exposing themselves to an expanding array of security risks and vulnerabilities.
The rise of hybrid cloud environments—where companies utilize a mix of private and public clouds—has only compounded these security risks. According to research by my company, Check Point, security risks from hybrid cloud deployments pose a unique set of challenges for cybersecurity professionals. From vulnerabilities related to administration and misconfigurations to challenges in threat detection and prevention, global CISOs must become more vigilant in their treatment of hybrid environments.
The Complexity Of Cloud Administration
As organizations expand their cloud footprint to take advantage of cost, performance and geographic efficiencies, they must now monitor for issues across a more diverse and disconnected cloud ecosystem. With each new cloud service provider comes a new potential threat surface and an opportunity for administrative oversight. Navigating this ever-expanding landscape is no easy task, especially when administrators are tasked with managing myriad configurations and settings to ensure the security of their environments.
One of the most challenging aspects of cloud security is the management of non-human identities (NHIs), such as service accounts, API keys and built-in user accounts. These entities are critical to the functionality of cloud systems but can often be misconfigured or inadequately secured, providing easy points of entry for attackers.
One example occurred in January 2024, when the advanced nation-state threat group Midnight Blizzard exploited a misconfigured OAuth application in Microsoft's Azure environment. This vulnerability allowed attackers to pivot from testing environments to production, accessing sensitive systems and even internal emails from top Microsoft executives.
In India, a misconfigured S3 bucket exposed over 500GB of sensitive personal and biometric data, including information from military personnel, while other major corporations also experienced breaches due to misconfigured cloud storage containers.
The Hazards Of Hybrid Environments
Many organizations use identity and access management (IAM) solutions to integrate and streamline user authentication across both cloud and on-premises systems. While this integration provides seamless user experiences, it also creates potential pathways for lateral movement by attackers.
Why is this so important? Once attackers compromise an on-premises network, they can pivot into cloud environments through various vectors, including hybrid user accounts and cloud connectors.
In 2024, an attack like this occurred when the financially motivated threat actor Storm-0501 launched a series of multi-stage attacks against hybrid cloud environments. These attacks allowed the actor to deploy backdoor accounts, spread ransomware and infiltrate sensitive systems across the network.
Securing Single Sign-On Accounts
Single sign-on (SSO) systems have become a popular method for managing authentication across cloud and on-premises applications. However, as organizations increasingly rely on third-party SSO providers, cybercriminals have shifted more focus to exploiting these services. Credential stuffing and brute-force attacks are common tactics used to compromise SSO accounts, making them prime targets for advanced persistent threat (APT) groups.
This highlights a critical concern: the reliance on third-party SSO providers for security can be risky, especially if their own security practices are not up to par. Without comprehensive visibility into log data and account activity, organizations may struggle to detect and respond to security incidents in a timely manner.
The Emergence Of AI-Driven Threats
As cloud providers integrate more advanced technologies into their offerings, one of the most significant emerging threats comes from generative AI. Cloud services now provide the infrastructure to build, train and deploy custom large language models (LLMs), enabling companies to create tailored AI solutions for their specific business needs. These models can integrate proprietary data, offering better control over sensitive information and ensuring privacy.
However, as AI becomes more accessible, threat actors are finding new ways to exploit these technologies. One of the newest threats is a form of cloud hijacking known as LLM-jacking. In this attack, malicious actors compromise cloud accounts to take control of existing hosted LLM models or deploy their own.
Once in control, attackers can resell access to these models or exploit them for malicious purposes. For example, one group used an LLM proxy to resell access to the model, while others leveraged jailbreaks to create and sell uncensored chatbot characters.
This trend isn't just hypothetical. Threat groups have been caught using ChatGPT to generate advanced tools and research vulnerabilities. There is also now growing evidence that threat actors may pivot to private LLM instances to gain better operational security, using cloud-based AI for more sophisticated, harder-to-detect attacks.
Hybrid Cloud Visibility And Protection Have Become Mission-Critical
The cloud's attack surface is growing exponentially as businesses continue to leverage its capabilities for operational efficiency. Protecting these environments requires staying ahead of evolving threats, securing both cloud and hybrid infrastructures, and continuously refining security practices. The key to mitigating cloud vulnerabilities lies in understanding the technology's evolving nature and taking proactive measures to safeguard sensitive data and systems.
Of course, in the AI era, a prevention-first security strategy means organizations must leverage AI solutions to drive real-time detection and response and consolidate security operations. Most importantly, security must be a primary business goal. Building modern cyber resilience requires a robust zero trust strategy, automated threat and misconfiguration management, agile and comprehensive data protection and more. Organizations must prioritize the investments and tactics that will help them build the cybersecurity foundation they need. By staying ahead of the curve, businesses can defend against the next generation of cloud-based cyberattacks.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?