New Microsoft report outlines proactive multicloud security strategies

A message from Microsoft Security

More and more organizations are adopting a multicloud approach, thanks to its benefits like increased agility, flexibility and choice.
- Okay, but: Securing multicloud environments is a deeply nuanced task, and many organizations struggle to fully safeguard the many ways threat actors can compromise their environment.
What you need to know: Microsoft's 2024 State of Multicloud Security Report shares trends and insights from a multidimensional analysis so organizations can address common challenges and strengthen their security strategies to meet today's evolving threats.
🚨 The challenge: Many organizations struggle to properly secure cloud-native applications and infrastructure throughout the full software development lifecycle.
Attackers are shifting left, targeting vulnerabilities earlier on in the development lifecycle.
- Widespread vulnerabilities live within source code and code repositories. For example, in 2023, 65% of code repositories contained source code vulnerabilities and 23% of them contained company secrets, including passwords and API keys.
- Adversaries can use this information to gain unauthorized access to an organization's multicloud environment and trigger larger attacks that could result in data breaches, identity theft and more.
Additionally, attack paths are exploitable paths that attackers might use to breach your environment and access high-impact assets.
- More than half of organizations were exposed to at least one attack path in 2023, with the average organization containing 351 attack paths across their multicloud environment.
- Unaddressed attack paths can lead to significant damage across multicloud environments, including compute abuse, data exposure and user credential exposure.
Organizations must also consider how the growing use and variety of cloud workloads impact their exposure to cyberthreats.
- When cloud workloads span across multiple clouds, that creates a larger, more complex attack surface for security teams to contend with. These intertwined workloads create additional complexities and dependencies that require proper configuration and monitoring to secure.
✅ Recommendations: Security teams need a holistic view of the entire development and deployment process to ensure comprehensive visibility across source code repositories all the way to cloud runtime environments.
Leverage a cloud-native application protection platform (CNAPP) to integrate security checks and controls into the DevOps pipeline and implement comprehensive cloud-native workload monitoring and protection.
Focus on a preventative, risk-based approach by leveraging attack path analysis to proactively identify and remediate potential attack paths before they can be exploited.
- A cloud security posture management (CSPM) solution enables organizations to reduce their attack surface and manage risk in their multicloud environment, and Exposure Management extends the proactive program across an entire organization.
Follow Zero Trust best practices by assuming breach and limiting internet exposure unless absolutely necessary, especially in the case of management ports. Instead, use a closed management interface to establish a connection without risky internet exposure.
🚨 The challenge: Securing human and workload identity across multiple clouds is also a significant challenge due to the rapid growth in identities and bloated permissions.
Workload identities, identities assigned to software workloads, currently outnumber human identities, and that gap is only growing. Microsoft Entra Permissions Management discovered 209 million identities across its customers' clouds in 2023. Only 34.5 million were human identities.
- Fewer solutions can adequately protect workload identities because the majority of identity and access solutions in the market primarily focus on safeguarding human identities.
- Plus, workload identities are more difficult to secure because they don't have a clearly defined lifecycle. Inactive workload identities, those that haven't logged in or used any of their permissions in the past 90 days, are not monitored the same way as active identities, making them an attractive target for adversaries.
Super identities further complicate identity security. A super identity is a user or workload identity that can access all permissions or resources across the entire multicloud estate.
- Super identities account for more than 50% of all identities, and 70% of those super identities are workload identities. These identities present an opportunity for attackers to gain access to a wide breadth of permissions and resources.
Unused permissions also represent a significant risk across human and workload identities in the cloud and are attractive targets for attackers.
- Microsoft Entra Permissions Management discovered more than 51,000 permissions granted to human and workload identities in 2023. Of those, only 2% were used. With more permissions come more access points for attackers.
✅ Recommendations: Organizations can adopt various strategies to secure human and workload identities and access within a multicloud environment.
A cloud infrastructure entitlement management (CIEM) solution like Microsoft Entra Permissions Management can provide visibility that eliminates the need for standing access for super identities, inactive identities and unused permissions, all of which signify an elevated level of insider risk exposure.
- Once the CIEM has identified entitlements, organizations can then remediate risky identities by implementing least privileged access with just-enough permissions.
Permissions Management provides discovery, remediation and monitoring capabilities, as well as a permissions creep index (PCI), to measure how well an organization manages its permissions risk across multiple clouds.
- Among customers who have used Permissions Management since 2022, Microsoft has seen a 21-point improvement in their overall PCI score.
🚨 The challenge: In the expanding multicloud universe, data is being generated at an unprecedented rate, and generative AI is only accelerating the trend. There's also been a growth in data sources, making it challenging for organizations to secure sensitive data.
- Data security incidents have become costly and frequent. From October 2022 to October 2023, 74% of organizations experienced at least one data security incident in which business data was exposed, according to Microsoft's Data Security Index.
- The average cost of data security incidents was $15 million.
Many organizations will opt to deploy and manage several distinct, siloed solutions to cover various use cases. But Microsoft found that a fragmented solution landscape weakened data security since deploying multiple solutions leads to duplicate copies of data, unnecessary data transfers, inconsistent data classification, redundant alerts, siloed investigations, and ultimately exposure gaps that leave you vulnerable to new types of data risks.
- Each tool also requires dedicated staff and processes to maintain and operate it. As a result, the lack of integration across these disparate tools leads to increased implementation complexity, longer deployment and management times, higher costs, and worse security and compliance outcomes.
- Organizations employing more than 16 tools to secure data face 2.8 times more data security incidents compared to those who use fewer tools. The severity of these incidents tends to be higher as well.
✅ Recommendations: Given the complexities of using disparate solutions, organizations should seek to reduce and refine the number of solutions they deploy to manage data security.
Organizations need an integrated solution that can combine data context with user context across their multicloud estate. Without a multilayered approach to securing their data, organizations will work reactively, instead of proactively, in preventing unauthorized access to their sensitive data.
- Microsoft Purview (a comprehensive data security, data compliance and data governance solution) can help safeguard data across an organization's multicloud estate. It helps discover hidden risks to sensitive data wherever it lives or travels, protects data and prevents data loss, and quickly investigates and responds to data security incidents.
Next steps: For more information on creating a secure multicloud environment, explore the complete 2024 State of Multicloud Security Risk report.