Features

A number of workloads moved to the cloud years ago, but the security thinking needed to protect them is still catching up. According to Red Hat’s ‘The State of Cloud-Native Security 2026’ report, 97% of organisations had at least one cloud-native security incident in the past year, and 74% slowed or delayed application deployments because of security concerns. There’s nothing unusual about this. Misconfigurations and known vulnerabilities lead the list of incident types, which means that everyday lapses like leaving a storage bucket open or deploying an unpatched container are actually causing more trouble than sophisticated attacks. “Security often takes a backseat for the sake of innovation and velocity,” says Seagyn Davis, field CTO for cloud and modernisation at LSD Open. “We don’t see many organisations investing in proactive security measures until the real threat of a breach either happens to them or is made known to them.”

Moving to the cloud exposes gaps that are only noticed once workloads are running there. Teams start seeing behaviour they never had to account for on-premises, including lateral movement between virtual machines and applications that traditional firewalls were never designed to detect. By then, the environment is already built on assumptions that do not match how it behaves. Hybrid and multicloud setups only make this harder to untangle as very few environments today run on a single cloud platform. “Organisations that moved to the cloud expanded their attack surface,” says Tunde Abagun, sales lead for West, East and Central Africa at Nutanix.