WisdomTree
technology_10_1151x564.jpg

Cloud security: A necessary component in digital transition planning

Publié le 10 février 2021

Team8
Team8

Global venture group

Buoyed by tailwinds from the pandemic and remote work, cloud adoption is on the rise and enterprise cloud migrations are expanding from fringe applications and experiments to business critical initiatives. As such, security capabilities are evolving to allow enterprises to reap the benefits of moving to the cloud while retaining control over their security posture, data protection programs, and application integrity.

2020 will go down as a pivotal year for cloud adoption as businesses sought to cut costs, retain flexibility, and throttle demand due to dislocation caused by the pandemic. In fact, cloud security is the number one investment area for 2021 according to the Team8 2021 CISO Survey, followed by Security Automation and Identity and Access Management. In retrospect, we expect that 2020 will be remembered not only as the year where cloud became the default, but also where the dynamics governing enterprise networks and workload deployments changed forever. In a world where containers1 offer the capability to combine hybrid, multi-cloud and on-premise computing and storage strategies, security tools and techniques will need to evolve to reduce complexity created by a multitude of new offerings within and beyond the enterprise perimeter. For example, workloads moving between different cloud environments to optimize for speed, scalability, cost, and compliance have created a new “shared responsibility” model between the enterprise and its different cloud providers. If not managed properly, this model could open the door for threat actors to identify and leverage misconfigurations as a way to gain access.

Impact - Cloud is becoming so complex it should be perceived as an operating system. Many of today’s security solutions are just modern-day equivalents of endpoint security and other on-premise techniques that had limited effectiveness. Attacks are not only still happening, but are being amplified by the pervasiveness, speed, and connectedness of the cloud. Instead of applying legacy solutions to the cloud, organizations need security solutions that are architected for the cloud, combining control and integrity with scalability and agility.

Solutions - Cloud Workload Protection Platform (CWPP), Cloud Security Posture Management (CSPM), Container Security, Cloud Infrastructure Entitlement Management, Cloud Access Security Broker (CASB), Extended Detection and Response (XDR).

Perspectives:

Defender’s Perspective - The next big thing with regards to cloud security is automated remediation. Most cloud vulnerabilities can be automatically fixed rather than fixing them one by one, by hand. When you describe things with code, they can be easily applied to multiple instances. This characteristic offers an opportunity to automatically remediate these vulnerabilities as opposed to waiting for DevOps to do it.” - Jonathan Jaffe, CISO, Lemonade

Team8’s Attacker Perspective - The complexity of an environment usually plays into the hands of the attacker, and it would be hard to find infrastructure more complex than modern cloud. It is a mesh of services, identities, logs, networking, compute, and storage. For attackers, it's the wild west.

When moving to the cloud, many enterprises lose the visibility, understanding, and control they had when their infrastructure was on-premise. This is a new playground for attackers, especially since they have plenty of opportunities for target practice on cloud networks.

In our next blog, we will cover the Security of Things.

Author who has contributed to this blog: Bob Blakley, Operating Partner at Team8.

The views expressed in this blog are those of Team8, any reference to “we” should be considered the view of Team8 and not necessarily those of WisdomTree Europe.

Team8 is a global venture group with deep domain expertise that creates companies and invests in companies specializing in enterprise technology, cybersecurity, and fintech. Leveraging an in-house, multi-disciplinary team of company-builders integrated with a dedicated community of C-level executives and thought leaders, Team8's model is designed to outline big problems, ideate solutions, and help accelerate success through technology, market fit and talent acquisition. For further information, visit www.team8.vc.

1 A container is a standard unit of software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another.

+ Introducing cybersecurity the megatrend of the 2020s

À propos du contributeur

Team8
Team8

Global venture group

Team8 est un groupe mondial spécialisé dans le capital-risque qui crée et investit dans des sociétés à l’intersection de la cybersécurité, des données, de l’intelligence artificielle et de la fintech. Le modèle de Team8, qui s’appuie sur une équipe pluridisciplinaire de créateurs d’entreprises intégrés à une communauté de cadres dirigeants et de leaders éclairés, est conçu pour identifier les problèmes importants, proposer des solutions et accélérer le succès et l’impact via l’innovation technologique. L’équipe dirigeante de Team8 est notamment composée de « serial entrepreneurs », de pionniers de leurs secteurs et de l’ancien dirigeant de l’Unité d’élite israélienne 8200 spécialisée dans la technologie et l’intelligence.

Best Workspaces - GPTW UK 2024
Best Workspaces for Development - GPTW UK 2024
Best Workspaces for Women - GPTW UK 2024
Best Workspaces in Financial Services & Insurance - GPTW UK 2024
Important Risk Information

Juridictions de l’Espace économique européen (« EEE ») : Ce site Web et son contenu ont été fournis et sont maintenus par WisdomTree Ireland Limited, une société autorisée et réglementée par la Banque centrale d’Irlande.

Juridictions en dehors de l’EEE : Ce site Web et son contenu ont été fournis et sont maintenus par WisdomTree UK Limited, une société autorisée et réglementée par l’instance de régulation du secteur financier au Royaume-Uni (United Kingdom Financial Conduct Authority).

Le cours des actions ou la valeur des investissements dans des ETP peuvent fluctuer à la hausse comme à la baisse et les investisseurs ne sont pas assurés de récupérer les montants investis. Les performances passées ne sauraient être un indicateur fiable des résultats futurs. Le présent document ne doit pas être considéré comme une prévision, une analyse financière ou une recommandation, non plus que comme une offre ou une sollicitation pour acheter ou vendre de quelconques instruments ou produits financiers ou pour adopter une quelconque stratégie d'investissement.

Veuillez cliquer ici pour lire notre clause de non-responsabilité dans son intégralité.

© 2026 WisdomTree, Inc. All Rights Reserved