How has cloud flipped the regular security narrative?

When infrastructure itself becomes the target

In early 2024, a breach involving Snowflake, Inc. sent a quiet shockwave through boardrooms across industries. Attackers bypassed perimeter defenses entirely; no malware, no exploit kit, no zero-day. They simply walked through an identity gap: weak credentials and excessive permissions.

The attackers pivoted laterally inside multiple customer environments (AT&T, Santander Bank, Ticketmaster, etc.) and exfiltrated large volumes of sensitive data. For many CISOs watching that breach unfold, the lesson was blunt: in the cloud, identity is the new infrastructure – and once it’s compromised, everything that depends on it is suddenly in play.

Some attacks have a cascading effect

One of the many customers impacted by the Snowflake data breach was Ticketmaster, which was using Snowflake systems for marketing and analytics. Hackers used a compromised Snowflake account to access Ticketmaster database, which resulted in the breach of 1.3 terabytes of data of 560 million individuals, triggering numerous lawsuits from customers.

This breach demonstrated that in cloud ecosystems, third-party data platforms become extensions of your attack surface, and when not protected, they can result in havoc.

shutterstock/Kjetil Kolbjornsrud

Cloud security is a global problem

This is a global pattern. 83% of organizations faced a cloud security breach in the past 18 months. 25% of organizations fear of having suffered a breach recently without knowing it yet. Most cloud security incidents are traced back to a combination of misconfigurations, over-privileged identities, or exposed APIs. Increased cloud adoption has created thousands of entry points, each dynamic, ephemeral, and easy to miss.

The rise in attacks is not opportunistic but structural. Cloud environments expand faster than they can be governed. Modern applications are API-driven by design, meaning every service interaction is effectively a mini-perimeter waiting to be tested. Multi-cloud brings architectural complexity that traditional tooling cannot correlate. Security teams are constantly racing business velocity, but adversaries don’t need to outrun the organization; they only need to outrun its controls.

Security-by-design approach

As a result, the old model of “deploy cloud, then secure it” has started to break down. Breaches today don’t occur because CISOs are unaware of the risks, they occur because visibility and enforcement haven’t caught up with speed and fragmentation. Enterprises don’t need another point solution, they need an integrated way to see risk the way an attacker sees it: across posture, identity, runtime behavior, and exposed services.

This is why modern security architectures are consolidating around cloud native application protection platform (CNAPP) as the backbone of cloud defense, bringing posture, workload and identity analytics together instead of expecting teams to stitch insights manually.

Posture evaluation isn’t just about configuration drift any more

It’s about anticipating the attack path before it becomes actionable. API defense is no longer a niche extension, it is the new frontline. And Zero Trust, once treated as strategy rhetoric, is now the only rational method of preventing lateral movement after the inevitable compromise of a credential or token.

At the same time, regulatory pressure has quietly reframed cloud governance. Boards and insurers are no longer asking “Are you compliant?” They are asking, “Can you continuously prove it?” Evidence is becoming as critical as control.

Organizations need more than implementing cloud controls

Organizations need to operate security as an assurance layer; across CNAPP, posture management, API visibility, Zero Trust enforcement, microsegmentation and continuous compliance. Where in-house teams struggle with scale and signal-to-noise, a security partner can bring sustained visibility and managed resilience. That turns cloud risk into a controllable variable and cloud innovation into something security no longer must slow down.

In 2025, the real question is whether your organization can continuously defend and prove its cloud posture at enterprise scale. The ones who can, will accelerate. The ones who can’t, will continue to absorb the cost of architectural blind spots. T-Systems helps make sure you are in the first category.

Doubling down on AI but worried about security? Read this e-book today — get your copy here.