Skip to main content
12 Feb 2025

Cloud Security: Navigating the Risks, Leveraging the Benefits

In today's digital landscape, the adoption of cloud computing has become
ubiquitous, offering unparalleled flexibility, scalability, and cost-efficiency
for businesses. However, with this transition to the cloud comes the critical
need for robust cloud security measures. Key security considerations for
businesses operating in the cloud include data breaches, non-availability of business-critical systems, multi-cloud, compliance and legal issues, data loss, account hijacking, and insecure APIs. Addressing these concerns is essential to ensure the integrity, confidentiality, and availability of critical assets in the cloud environment. 

 

Key Cloud Security Challenges Which We Observe During Our Work With Clients

 

The protection of sensitive data, applications, and infrastructure in the cloud is paramount to safeguarding organisations against a myriad of cyber threats.

Some key cloud security challenges that organisations often face when operating the cloud are:

Organisations may rely on existing policies and processes which do not take the additional security considerations required for cloud into account, thus resulting in increased security and operational risk.

When migrating and operating applications in the cloud, organisations may inadvertently introduce insecure configurations or practices, leading to potential security vulnerabilities.

The automation of business and technology processes in the cloud can outpace manual security checks and controls, leading to potential vulnerabilities.

Without a comprehensive view across all technology platforms, including multi and hybrid clouds, organisations may overlook incidents or underestimate their impact.

The rapid evolution of cloud services can lead to a lack of sufficient knowledge to understand and skillsets to prevent and mitigate potential security impacts.

Cloud Security Leading Practices

 

To address these challenges, organisations today consider the following industry-leading practices and capabilities:

Organisations should document strategic Cloud Security Policies, Target Operating Models and guidelines and guardrails to articulate how they will securely migrate and operate in the cloud, while maintaining, or improving, the security of legacy environments. 

An organisations’ IT footprint spans mostly across multiple clouds and hybrid environments and companies frequently seek to define a multi-cloud architecture integrating security leveraging Zero Trust principles. A multi-cloud architecture enables the organisation to strategically deploy, secure, manage, operate, and monitor workloads across several cloud service providers and legacy on-premises environments. 

Our clients in various industries across the Swiss landscape are required to comply to several regulatory requirements. Organisations should define new or align existing controls to the regulatory requirements and establish a monitoring capability to ensure continuous compliance.

To operate securely in the cloud, organisations must identify the right fit for their security requirements by redefining the technology stack and determine the optimal course of action regarding the utilization, maintenance, or decommissioning of current tools.

SASE integrates robust security functions such as threat prevention, data protection, and secure web gateways, ensuring comprehensive protection across all access points and reducing the risk of cyber threats.

This is realised by leveraging solutions such as Cloud Security Posture Management (CSPM such Palo Alto’s Prisma Cloud or Wiz), Cloud Workload Protection Platforms (CWPP), Security Incident Event Monitoring (SIEM such as Microsoft Sentinel or Splunk) that offer coverage across multiple environments, on-premises and on cloud. 

How can Deloitte help?

 

Deloitte possesses deep expertise as a world leading cloud security advisor and Global System Implementation partner. The following are a selection of our key capabilities:

We leverage our Deloitte’s Cloud Security framework and industry leading practices and tools to review processes and technologies to understand the cloud security maturity level and posture. 

We leverage our experience and industry leading practices and tools to assess SaaS environments against a defined baseline, including policies, configuration, and vulnerabilities.

We start by determining the business case for cloud security in alignment with the overarching business goals and digital strategy to further develop the vision for cloud security. This includes the review of foundational tenets, such as target operating model, alignment of technology with security needs and multi-year financial outlook. Cyber security policies and control framework are also updated to include cloud security principles.

For existing applications on the cloud, organisations often seek a second opinion from a subject matter expert. Deloitte offers technical review of organisations’ deployed cloud applications to provide insights on areas of improvement across security domains. The recommendations for remediation are aligned to industry leading practices and cybersecurity frameworks such as NIST, CIS, and OWASP.

Solution design starts by understanding the requirement for cloud security solution(s) based on business needs and desired outcome, accounting for environment-specific constraints (such as dependencies). We can design and implement a compliant future state cloud security architecture and/or implementation guide that is tangible to operationalise the solution.

We start by assessing the security implications of workload migration to the cloud and develop a secure migration process and roadmap aligned with the organisation’s migration strategy. Leveraging on-premises security stack and cloud platform security services we architect and implement a secure landing zone that ensures a security baseline in a multi-cloud environment.

Design and implementation of a secure cloud edge requires assessing the enterprise network architecture and establishing the requirements for a decentralised model, accounting for remote networks and workforce. Following this, we identify the key components of a Secure Access Service Edge (SASE) architecture, leveraging modern cloud-based solutions. Lastly,
we develop a transformation roadmap and engage in design and implementation of the future state secure network architecture (leveraging Zero Trust principles).

Get in touch

Reto Haeni

Partner
+41 79 345 01 24

Ashish Gupta

Director
+41 79 898 90 32

Guy Florian Seka

Senior Manager
+41 58 279 89 40

Marc Beierschoder

AI & Data lead Partner
+41 58 279 6778

Jan Seffinga

Partner
+41 58 279 6928

Hannah Hayward

Partner, CIO Programme Chair
+41 58 279 6175

Did you find this useful?

Yes
No

Thanks for your feedback

Your feedback is important to us

To tell us what you think, please update your settings to accept analytics and performance cookies.

Need help updating cookies?

Our thinking

Embedding Security into the Public Cloud DNA: Considerations for the Public Cloud Migration Journey

The cloud is increasingly becoming the primary location for organisations to host services and data. Many organisations have already migrated their applications to cloud platforms, and many of those that haven't are currently planning to do so. 
Explore our thinking