The Cloud Is Changing Everything. Zero Trust Is How We Keep Up.
Weekly Briefing 12/16/2024

The Cloud Is Changing Everything. Zero Trust Is How We Keep Up.

Sudha Iyer, VP, Security Product Management

I’m hearing a common refrain in discussions with customers: The cloud needs Zero Trust.

Organizations are maturing their cybersecurity strategies. They’re adopting the cloud at record speed. They know that breaches and ransomware attacks will happen. And they’re realizing that reactive approaches to security don’t work anymore.

Companies aren’t adopting Zero Trust because it’s trendy. They’re building Zero Trust architectures because it’s the smartest way to secure their cloud environments against a world where the network perimeter no longer exists.

Why Zero Trust in the cloud, and why now?

The cloud isn’t just a technology shift. It’s a mindset change.  

Companies aren’t asking if a breach will happen but when. Zero Trust thrives in this environment because it flips the traditional cybersecurity script. Instead of focusing on keeping attackers out, it’s about controlling what they can access when (not if) they get in.

Zero Trust security is especially critical in the cloud because traditional perimeters no longer exist. In the past, organizations could rely on a defined network boundary — a digital moat — to keep attackers out.  

But the cloud has dissolved those perimeters. Data, applications, workloads, and users now live everywhere, across multiple cloud providers, on remote devices, and in hybrid environments. The result? Attackers have more entry points than ever before.

However, cloud providers also offer tools that can help you build Zero Trust. These include activity and access logs, resource metadata, and automation tools like SDKs (software development kits) and IaC (Infrastructure as Code).

Begin your Zero Trust journey with these questions

Zero Trust isn’t about purchasing new tools or completely rearchitecting your network. It’s starts with asking foundational questions about your security that drive clarity:

  • What’s our cloud footprint? Which providers and services are we using? How are they being used?

  • What is our maturity for privilege access management and data classification?  

  • How do we detect malicious activity? How do we improve our mean time to detect (MTTR) an incident?

  • What’s our response plan when a breach happens?  

  • Are we monitoring continuously? How are we adapting to the evolving threat landscape?

These questions expose gaps you didn’t know existed and help you focus on building a strategy that works for your unique environment.

Whether you’re a healthcare provider safeguarding patient records or an e-commerce company processing countless transactions, your answers will shape your Zero Trust priorities.

Start small to win big with Zero Trust

A big mistake I see all the time is that companies try to “do Zero Trust” everywhere at once. Don’t. It’s overwhelming, and it sets you up for failure.  

Instead, focus on securing your high-value resources first. Get visibility into what’s happening across your network and not just in siloed cloud environments. Track traffic flows, see how workloads move across environments, and understand exactly what’s happening in your environment.  

Visibility isn’t just for crisis moments. It’s your daily advantage that allows you to continually adapt and adjust your cloud security.

Armed with this information, you can lock down your most critical applications and systems with network segmentation to immediately reduce your risk. If attackers break in, they will be contained to their entry point and won’t be able to spread across your network.  

Starting small gives you measurable results quickly, which not only reduces risk but also builds momentum for expanding Zero Trust across your environment.

What’s next? Practical insights to build your Zero Trust maturity

Zero Trust is more than a buzzword. It’s the best framework for navigating modern cloud complexities. If you’re aiming to strengthen your cybersecurity posture, these three practical insights will help inform your Zero Trust journey.

If you’re just starting out on your Zero Trust journey, these three practical insights will help inform your planning:

  • Zero Trust isn’t a finish line. Organizations are dynamic and organic, and security needs are always changing. Build milestones and measure success. Zero Trust is an ongoing journey that’s about steady, consistent improvement.

  • Every cloud environment is unique and so is your Zero Trust journey. Ask the right questions, starting with how you’re handling Platforms as a Service (PaaS), identity and access management (IAM), data loss prevention (DLP), and AI services. Start small and focus on your organization’s unique risks.  

  • Zero Trust is a scalable strategy designed to grow with your business and adapt to the ever-changing threat landscape. It equips you to tackle emerging threats head-on and prevents attackers from escalating minor security incidents into major cyber disasters.

And if you’re already working on Zero Trust projects, here are some questions to consider as you move to the next iteration:

  • How are we building Zero Trust into our hybrid applications across on-premises and cloud environments?

  • Can we track and stop the movement of critical data across environments, including Kubernetes, with data loss prevention (DLP) tools and other network and identity security platforms?

  • Can we discover applications and continuously track who’s accessing them across the network, including PaaS and Kubernetes?

  • How do we build a least-privilege model for non-human and human users that combines identity and network layers?

The cloud has fundamentally reshaped the way we think about security. With Zero Trust, you’re prepared not just to keep up with change but to build consistent security that’s ready for whatever comes next.

This week on the Zero Trust Hub:

  • Illumio's Raghu Nandakumara and Trevor Dearing shared their 2025 cybersecurity predictions with Cybersecurity ASEAN, highlighting a shift toward breach containment, operational resilience, and executive accountability in security strategies amid evolving cyber threats.
  • Gary Barlet, federal field CTO at Illumio, shared with MeriTalk his expectation that the incoming administration will prioritize accelerating federal cybersecurity efforts, strengthening accountability, and securing dedicated funding to address the government’s cybersecurity challenges.
  • Catch this week’s top news on The Monday Microsegment, plus a special Agree to Disagree segment with Gary Barlet and John Kindervag.

To view or add a comment, sign in

More articles by Illumio

Insights from the community

Others also viewed

Explore topics