Cloud workload security: Mind the gaps

As IT infrastructure expands, visibility and control often lag behind – until an incident forces a reckoning

Complexity is said to be the enemy of many things, but when it comes to organizations and their IT systems and processes, complexity is arguably the worst enemy of cybersecurity. For many IT and security practitioners, this plays out daily as they scramble to manage what IBM once called a “Frankencloud,” a patchwork of private and public cloud environments, often further entangled with various on-premise and possibly legacy resources.

The ease with which some cloud assets, notably virtual machines, can be spun up contrasts sharply with the reality of keeping them hardened and monitored once they begin to multiply. The machine and software sprawl often produces environments that are heterogeneous and beset by inconsistent rules, which ultimately makes them difficult to defend.

When it rains, it pours

IT and security teams – which often number just a handful of people already stretched thin by an industry-wide talent shortage – find themselves jumping between dashboards and consoles as they try to stitch together a coherent story from scattered data points. Every time an admin switches tools or interfaces, the risk of a missed alert or another misstep increases, much to an attacker’s delight.

Bad actors, after all, don’t think of organizations as collections of separate silos. They see one large and increasingly interconnected target, where a single account or machine – once it’s compromised through leaked credentials or another gaffe – can be used for lateral movements or as an on-ramp for further intrusions across environments.

Risk often thrives at the ‘seams’ of the infrastructure: the places where one entity’s responsibility ends and another’s begins, or where the lines are misunderstood – until the first serious incident forces a reckoning. In fast-growing companies, that boundary is far too often discovered the hard way. Many cloud data breaches trace back to mundane lapses in security hygiene and oversights in the management of complex deployments, rather than fiendish zero-day exploits.

According to Google’s H2 2025 Cloud Threat Horizons Report, credential compromise and misconfiguration remained the primary entry points for threat actors into cloud environments in the first half of 2025. The latter half of last year saw an interesting twist, according to the report’s H1 2026 issue published just days ago, as both initial access vectors were leapfrogged by software-based exploits.

Meanwhile, the price tag of the incidents remains steep. IBM’s Cost of a Data Breach 2025 puts the average cost of a data breach involving multiple environments at US$5.05 million, while the average cost of a data breach involving “only” the public cloud isn’t far behind at US$4.68 million. Legal and compliance costs and a loss of reputation and customer trust then add insult to injury.

If complexity is the enemy, then simplicity should be the antidote, right? Not so fast. Few organizations can afford to give up the flexibility and cost-efficiency that made the cloud in its various flavors attractive in the first place. Nor should they. The more realistic ambition is to make complexity legible and manageable – and this starts with visibility. Worryingly, a survey by the Cloud Security Alliance has found that only 23% of organizations have full visibility into their cloud environments.

Now you see me

Sometimes you have to say things that go without saying: you can’t secure what you can’t see. But ‘raw’ visibility on its own isn’t enough. Without context and correlation that help produce a full picture, what you get is little more than better-lit chaos. You need a way to impose a unified policy across environments and then to enforce the rules across various systems, including on virtual machines in multiple clouds, and across identity layers. Arguably, this kind of unity doesn’t make the environment smaller, but it makes it manageable while reducing the attack surface.

When every authentication attempt, process start, network connection and file modification leaves a trace somewhere, the volume of telemetry data can be overwhelming. Therefore, automation, when applied carefully, matters just as much. It helps close the gaps where attackers like to dwell, countering the ‘entropy’ that naturally sets in as networks grow. In addition, routine tasks and correlation of telemetry data from disparate sources are handled by a system that doesn’t get tired or distracted. That way, human operators can focus on the parts of incident response that require human judgment.
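One form of the cross-source correlation described above, as an added illustration that is not from the original article: a hypothetical script that normalizes constructed telemetry from an identity provider and two cloud environments onto a common identity key, then flags any login followed within a time window by activity spanning more than one environment, the kind of cross-environment movement the article warns about. The event format, source names and field names are assumptions.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (hypothetical JSON-lines format) from three
# disparate sources: an identity provider ("idp") and VMs in two clouds.
RAW_EVENTS = [
    '{"src":"idp","ts":"2025-01-10T09:00:00Z","user":"alice","type":"login","ip":"203.0.113.9"}',
    '{"src":"cloud-a","ts":"2025-01-10T09:03:00Z","user":"alice","type":"process","host":"vm-a1","cmd":"ssh vm-b7"}',
    '{"src":"cloud-b","ts":"2025-01-10T09:04:00Z","user":"alice","type":"network","host":"vm-b7","peer":"vm-a1"}',
    '{"src":"cloud-b","ts":"2025-01-10T09:05:00Z","user":"alice","type":"file","host":"vm-b7","path":"/etc/sudoers"}',
    '{"src":"idp","ts":"2025-01-10T12:00:00Z","user":"bob","type":"login","ip":"198.51.100.4"}',
    '{"src":"cloud-a","ts":"2025-01-10T12:01:00Z","user":"bob","type":"process","host":"vm-a2","cmd":"ls"}',
]

def parse(line):
    """Turn one raw JSON line into a dict with a real timestamp."""
    event = json.loads(line)
    event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return event

def normalize(events):
    """Group events from every source by the identity that performed them,
    ordered in time; the user is the key the correlation pivots on."""
    by_user = defaultdict(list)
    for event in sorted(events, key=lambda e: e["ts"]):
        by_user[event["user"]].append(event)
    return by_user

def cross_environment_chains(lines, window_minutes=30):
    """Return one finding per login that was followed, within the window,
    by activity in more than one cloud environment for the same identity."""
    window = timedelta(minutes=window_minutes)
    findings = []
    for user, events in normalize(parse(l) for l in lines).items():
        for i, login in enumerate(events):
            if login["type"] != "login":
                continue
            environments = set()
            for follow in events[i + 1:]:
                if follow["ts"] - login["ts"] > window:
                    break  # events are time-ordered, so stop at the window edge
                if follow["src"] != "idp":
                    environments.add(follow["src"])
            if len(environments) > 1:
                findings.append({"user": user, "login_ip": login["ip"],
                                 "environments": sorted(environments)})
    return findings
```

Seen from any single console, each of alice's events looks routine; only the joined view across identity provider and both clouds shows one login fanning out into two environments within minutes.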

The cloud itself is not the problem, of course. In systems that are designed to scale and change, a degree of complexity is inevitable, especially as the business expands. Securing cloud workloads rests on ensuring that as your digital infrastructure grows, your visibility and control grow with it. That way, you avoid learning the truly hard lessons from incidents.