惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

月光博客
月光博客
Cyberwarzone
Cyberwarzone
L
LINUX DO - 最新话题
N
News and Events Feed by Topic
T
Troy Hunt's Blog
Help Net Security
Help Net Security
S
Security @ Cisco Blogs
Google DeepMind News
Google DeepMind News
Security Archives - TechRepublic
Security Archives - TechRepublic
M
MIT News - Artificial intelligence
G
Google Developers Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
V2EX - 技术
V2EX - 技术
Y
Y Combinator Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
大猫的无限游戏
大猫的无限游戏
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Microsoft Security Blog
Microsoft Security Blog
Cisco Talos Blog
Cisco Talos Blog
T
Threatpost
Recent Commits to openclaw:main
Recent Commits to openclaw:main
S
SegmentFault 最新的问题
I
InfoQ
H
Hacker News: Front Page
D
Docker
Scott Helme
Scott Helme
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Blog — PlanetScale
Blog — PlanetScale
人人都是产品经理
人人都是产品经理
博客园 - 叶小钗
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
N
Netflix TechBlog - Medium
AWS News Blog
AWS News Blog
Know Your Adversary
Know Your Adversary
博客园 - 【当耐特】
T
Tor Project blog
U
Unit 42
H
Heimdal Security Blog
Microsoft Azure Blog
Microsoft Azure Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
P
Privacy & Cybersecurity Law Blog
PCI Perspectives
PCI Perspectives
美团技术团队
O
OpenAI News
T
Tailwind CSS Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
B
Blog
GbyAI
GbyAI
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
MyScale Blog
MyScale Blog

Cloud Security Alliance

SearchLeak: Copilot Data Exfiltration Exploited | CSA Zero-Trust AI Governance for Multi-Agent Systems | CSA Dangling CNAMEs: Hidden Cloud Risk | CSA Agentic Payments in Financial Services | CSA Mythos and the Future of Cybersecurity | CSA AI-Driven Cloud Risk: Defenders Lose Ground | CSA Financial Services Industry Shifts from AI Adoption to | CSA CSAI Foundation Announces RiskRubric V2 as the Next Key | CSA RiskRubric Updates: AI Risk Assessment | CSA Over 80% of Organizations that Miss 24-Hour Patch Window Report | CSA ORCHIDEAS & MAESTRO: Secure AI Design | CSA Top 6 Claude Security Risks to Watch | CSA Cloud Cost Optimization in 2026 | CSA HIPAA Rule Overhaul in 2026 | CSA AI-Driven Exploits Outsmart Detection | CSA MCP Risks CISOs Should Prepare For | CSA AI Governance for Trust and Compliance | CSA MTTP: Patch Cycles Too Slow | CSA Misconfigurations Break Customer Trust in Apps | CSA Taming Shadow AI: C-Suite Strategies | CSA Agentic AI Threats: Five Powers | CSA AIUC-1: Agentic AI Governance | CSA 2026 Threat Report for CISOs | CSA Securing AI in AWS: Runtime Detection & Response | CSA SLMs, LLMs, and the DSPM Difference | CSA OT Security Timeline: Mythos and Patch Pace | CSA Blast Radius and Cloud Threat Detection | CSA State of AI Cybersecurity 2026: 92% Concerned | CSA AI in MDR for Franchise & Multi-Location Ops | CSA AI Regulation: Identity and Authorization Gap | CSA MITRE ATT&CK for Cloud: Detection Coverage Guide | CSA Shadow AI Agents: The Insider Threat | CSA Medical Device Breaches Reveal Cloud Security Gaps | CSA AISMM: AI Security Maturity Model for Cloud | CSA Globee® Awards for Artificial Intelligence (AI) Honors Cloud | CSA Patching Smarter for Mythos Security | CSA SDP v3: Identity-First Zero Trust for AI | CSA AI-Ready Security Documents Beyond STIX, OSCAL, and SARIF | CSA Penetration Testing for ISO 42001 & Trust | CSA AI Agent Posture: Data-First Security Guardrails | CSA AI Agents Go Beyond Output: Enterprise Security | CSA AI Agent Security Starts with Scope Control | CSA Identity Spoofing vs. Identity Abuse | CSA AARM: Securing the Agentic Runtime | CSA Securing the Agentic Control Plane | CSA CSAI Foundation Announces Key Milestones to Secure the Agentic | CSA Catastrophic AI Risk Controls | CSA Cloud to AI: Building Secure Programs | CSA Identity in AI Era: Zero Trust's First Pillar | CSA SDLC Visibility: Securing Multi-Cloud Development Lifecycles | CSA Cloud Risk: Top 3 Threats & AI Tools | CSA AI Agent Identity Is Solved Backwards | CSA 8 Truths About Cloud Privilege Risk | CSA AI Governance: Mature Programs | CSA Agent Access Management: Data-First Security | CSA Glasswing: AI-Driven Security for Safer Software | CSA Runtime Security: Detection & Real-Time Cloud | CSA Identity as the OS for AI Security | CSA Cloud Misconfigurations Drive Attacks at Scale | CSA Sensing AI Behavior with the WBSC Probe Library | CSA An Actionable Guide to GDPR Compliance for Startups | CSA Cloud Security LIVE 2026: AI Risk & Trust | CSA Shadow AI Agents: Enterprise Governance | CSA Rethinking Non-Human Identity Security | CSA New Cloud Security Alliance Survey Reveals 82% of Enterprises Have Unknown AI Agents in Their Environments More Than Half of Organizations Experience AI Agent Scope | CSA SANS Institute, Cloud Security Alliance, [un]prompted, and OWASP | CSA AI Agents Are Talking: Are You Listening? | CSA Software Supply Chain Security Needs an Upgrade Choosing the Right AI Standard: 7-Point Guide | CSA Audience-Driven Authorization for AI Agents | CSA A CISO's Guide to Cloud Security Architecture | CSA Who’s Behind That Action? The AI Agent Identity Crisis SSCF Adoption for SaaS Security | CSA Mythos and the Vulnpocalypse: Cloud Defenses | CSA AI Security Risks and Data Visibility | CSA From Compliance to Credibility with CAIQ/CCM | CSA The State of Cybersecurity in the Finance Sector: Six Trends to Watch EU AI Act Compliance with prEN 18286 & ISO 42001 | CSA AI Security in the Cloud: Exposure Management | CSA Rethinking Incident Response as Engineering System | CSA Defense Depends on the Creator: AI Security | CSA ATF: Zero Trust for AI Agents | CSA Cybersecurity Needs a New Data Architecture | CSA CSA STAR v4.1 Updates for Cloud Security | CSA Unstructured Data Surges as Enterprises Struggle to Maintain | CSA SC Media Names Cloud Security Alliance’s Trusted AI Safety | CSA Exposed AWS Key Leads to Full Account Takeover | CSA Post-Quantum Cloud Migration for CSA Members | CSA AI Identity Security Compliance Checklist | CSA The Agentic Trust Deficit: MCP's Authentication Vacuum | CSA More Than Two-Thirds of Organizations Cannot Clearly Distinguish | CSA AI Cybersecurity 2026: Insights from 1,500 Leaders | CSA Three-Body Security: Data, AI & Identity | CSA IAM as Safety for AI-Controlled Systems | CSA Kubernetes Cost Savings and Security Debt | CSA Code to Cloud Security: Unified Exposure Management | CSA Retail Misconfigurations Attackers Exploit | CSA Rethinking Authorization for the Age of Agentic AI | CSA Enterprise AI: Guardrails to Governance | CSA
Cloud Security Evolution: Security Teams Lead | CSA
2026-05-20 · via Cloud Security Alliance

Written by Pallavi Singh, Product Marketing Manager, OT Security & Compliance, Darktrace.

Cloud adoption is rapidly on the rise. Gartner estimates that 90% of organizations will adopt hybrid clouds through 2027. 

There are many reasons why organizations are migrating on-premises infrastructure to the cloud. It can increase the speed and scale of computing resources, improve reliability and resilience, and save time by outsourcing the spinning up, patching, and updating of infrastructure. 

However, despite these benefits, it is complex to secure. Public clouds operate with a shared responsibility model, meaning that while the Cloud Service Provider (CSP) maintains the physical infrastructure and services, customer organizations are responsible for their own security and compliance in their cloud deployments. 

Customer responsibility is crucial. Gartner forecasted that through 2025, 99% of cloud security failures would be the customer’s fault. As cloud environments grow, security teams are taking on a greater share of the responsibility to protect these assets.

The many teams involved in cloud security

Several teams work across the cloud, and all of them can contribute to cloud security. For example, basic cyber-hygiene and Identity and Access Management (IAM) should be practiced across teams. 

Not every organization has the same categorization of teams, but some common ones include:

  • Security: Assessing and mitigating vulnerabilities, risks, and threats. This team must be ready to identify, investigate, respond, and recover from incidents. ‍
  • Infrastructure and ITOps: Deploying and maintaining resources. Security must be considered across all layers of the cloud, including gateways, identity, encryption, and attack surface. ‍
  • Research & development: Building cloud-based applications. Security must be baked into code, referenced data, access, APIs, and third-party integrations. ‍
  • DevOps: Improving the software development process. Security must be applied to code across the development and production stages. ‍
  • Compliance: Adhering to industry standards and frameworks. Security often comes up in compliance regulations.  ‍
  • End users: working in the cloud. Security must be taught through employee training sessions to adopt best practices and increase resistance against threats like phishing or data loss.

Traditionally, many organizations left cloud security to dedicated cloud teams. However, it is becoming more and more common for security teams to take on the responsibilities of securing the cloud. This is also true of organizations undergoing cloud migration and spinning up cloud infrastructure for the first time.

The complexity of cloud security

Most organizations using the cloud today have hybrid and/or multi-cloud deployments. Hybrid deployments combine public and private cloud environments and multi-cloud deployments use a combination of public cloud providers or regions where servers are stored. In fact, Deloitte reports that as many as 85% of businesses, a vast majority, use two or more cloud platforms, and 25% use at least five.

While these diverse deployments can boost resiliency, they also complicate security. Multiple environments increase the attack surface and reduce architectural visibility, making misconfigurations, unmanaged access, and inconsistent policies more likely. This complexity creates gaps in security that often require specialized teams and expert personnel to address. 

Challenges driving security teams’ responsibility

The usual approaches to other types of cybersecurity can’t be applied the exact same way to the cloud. With the inherent dynamism and flexibility of the cloud, the necessary security mindset differs greatly from those for networks or data centers, with which security teams may be more familiar.

For example, IAM is both critical and distinct to cloud computing, and the associated policies, rules, and downstream impacts require intentional care. IAM rules not only govern people, but also non-human entities like service accounts, API keys, and OAuth tokens. These considerations are unique to cloud security, and established teams may need to learn new skills to reduce security gaps in the cloud.

Additionally, there are greater compliance pressures from GDPR, CCPA, and industry-specific regulations. While some companies have dedicated compliance teams, not every organization does and others are not always familiar with working in cloud environments. In these cases, responsibilities may fall to the security team. 

Finally, there has been a rise in sophisticated, cloud-based threats, such as account takeovers and misconfigurations. Preparing, responding to, and recovering from these cloud-specific threats lie with the security team as well. 

Learn more about the top risks and attacks faced in the cloud in the white paper: “Tackling the 11 Biggest Cloud Threats with AI-Powered Defense.

Conclusion

Cloud security is both vital under the shared responsibility model and complex with hybrid and multi-cloud deployments and strict regulatory demands. While many teams contribute to cloud security, more and more responsibilities are shifting to security teams specifically.

AI-powered solutions that can detect and respond to threats spanning a wide range of risks and attack types can support security teams as they protect dynamic cloud environments. By adopting real-time cloud detection and response tools, security teams have more time to dedicate to proactive projects and high-level tasks as well as reduced burden on less specialized team members. 

Read more about the latest trends in cloud security in the blog “Protecting Your Hybrid Cloud: The Future of Cloud Security in 2025 and Beyond.”