Simplifying security for complex cloud environments

Simplifying security for complex cloud environments

Jess Phillips |  27 February, 2025

A cloud-first vision across the Middle East is driving the rapid adoption of cloud technologies, but organisations must ensure their cybersecurity strategy is equipped for this modern infrastructure. Walid Natour, Senior Manager, Tenable, discusses how businesses can develop and deliver a robust, long-term cloud security strategy, as well as how Tenable’s CNAPP solution is helping to close cloud exposures.

Walid Natour, Senior Manager, Tenable

Can you talk us through the risks that rapid cloud adoption has introduced, particularly for regional organisations?

The Middle East, particularly the United Arab Emirates (UAE) and Kingdom of Saudi Arabia (KSA), is witnessing rapid adoption of cloud technologies, driven by a cloud-first vision. A recent report from McKinsey & Company suggests that cloud services could deliver as much as US$183 billion in value by 2030, generated from creating and scaling new products. However, cyber-risk concerns have also increased due to the modern attack surface beyond traditional infrastructures.

While organisations can get many benefits of cloud services, it also introduces new cyber-risks and cloud vulnerabilities, many of which most on-site IT and security teams don’t have the skills, resources or tools to identify and address. And, for those still using legacy practices designed for on-prem technologies, the cloud security gap will only widen, opening the door for increased cloud breaches.

According to the Tenable Cloud Risk Report, which examines the critical risks at play in modern cloud environments, nearly four in 10 organisations globally are leaving themselves exposed at the highest levels due to the ‘toxic cloud triad’ of publicly exposed, critically vulnerable and highly privileged cloud workloads. Each of these misalignments alone introduces risk to cloud data, but the combination of all three drastically elevates the likelihood of exposure access by cyberattackers.

Threat actors know that cloud presents a weak area in an organisation’s risk posture making it a prime target and leaving sensitive data and AI resources vulnerable.

How are organisations typically approaching the increased attack surface created by distributed environments? What are the pitfalls of this approach and what is the impact on both team wellbeing and the organisation’s cybersecurity posture?

Unfortunately, most organisations have yet to mature their cybersecurity practices to effectively meet challenges created by accelerated adoption of cloud. A commissioned report with Tenable Cloud Security and Osterman Research found that 80% of organisations don’t have a security team dedicated to protecting the cloud and most, 84%, are only at an entry-level with cloud capabilities, meaning they’re taking ad-hoc or opportunistic reactive approaches to cloud security. Surprisingly, about 93% of large organisations, according to the report, are operating at these same levels.

The good news is that organisations that spend about 50 hours a week or more adopting a proactive approach to cloud security, for example, implementing cloud vulnerability management best practices, are reaching top maturity levels (using repeatable, automated and integrated security processes), but that only accounts for about 16% of organisations surveyed in the Osterman report.

Instead of using disparate cloud security tools that silo data and create blind spots across your cloud environments, a CNAPP unifies these tools into a single solution. It unites DevSecOps processes with security and infrastructure management.

How does Tenable’s cloud security solution CNAPP help to close cloud exposures?

From development to runtime, Tenable’s proactive and preventive approach to cloud security continuously analyses an organisation’s cloud resources to find the most important risks, spot unknown threats and toxic combinations of security issues and deliver actionable insights within minutes.

A cloud-native security platform is an effective way to manage cloud security tools in one system, which ultimately enhances your cloud security resources with less cost and wasted time. It is also a valuable tool to mature your cloud cyber-hygiene practices.

Tenable Cloud Security is an identity focused cloud native application protection (CNAPP) solution that delivers clear, consistent risk context for misconfigurations, over-permissions and vulnerabilities – making mitigation, remediation and communication more actionable. It combines with Tenable’s exposure management platform to uniquely offer hybrid (on-prem to cloud to OT) solutions that reduce attack surface risk.

Why is it so important to simplify security for complex environments and how does Tenable enable this?

By unifying visibility and accurately prioritising risk across cloud infrastructure, workloads, identities, data and AI resources, Tenable Cloud Security empowers teams to close cloud exposures to address key critical risk areas:

  • Identity security: Cuts permissions risk and enforces least privilege with best-of-breed cloud identity entitlement management (CIEM) and Just-in-Time access
  • Data security: Protects cloud data including AI from unauthorised access and other exposures with data security posture management (DSPM)
  • Workload protection: Provides vulnerability and exposure management for all cloud workloads including Tenable leadership in VPR scoring and research
  • Kubernetes and cloud posture management: Simplify cloud compliance with a single solution. Use built-in and custom policies and dynamically assess risk to achieve compliance with standards like NIST, CIS, PCI, SOC 2 and GDPR.

What benefits could an organisation expect to see after working with Tenable to strengthen their cloud security approach?

Investing in Tenable Cloud Security delivers significant ROI, including enriched cloud risk insights from Tenable Research, industry leading vulnerability priority scoring and single licensing to grow security by business need. Key benefits include:

  • Multi-cloud visibility for full-stack cloud security. Gain a 360° view of all cloud resources including infrastructure, identities, workloads and data, and their exposures across all your clouds
  • Simplified compliance reporting. Minimise reporting time and effort with automated compliance reporting with built-in and custom policies.
  • Continuous governance. Secure cloud infrastructure across the complete lifecycle from development to deployment.
  • Risk guidance and remediation. Lower MTTR with detailed remediation guidance and automated response actions that close security gaps

What advice would you offer to organisations at the start of their journey towards bolstering their cloud security strategy?

Developing a cloud security programme isn’t just a one-time rollout. In addition to having a simple to use yet powerful CNAPP solution, maintaining a strong programme is a constant effort that requires support from all teams within the organisation. It’s recommended to have clear cloud security processes defined while adopting a strong cloud security solution. Both should be defined as part of the organisation’s cybersecurity programme.

When implementing a cloud security programme, there are five steps you can take to adopt a risk-based vulnerability management approach, which aligns directly with the cybersecurity lifecycle. Discover, Assess, Prioritise, Remediate and Measure.

Choosing a cloud security solution doesn’t have to be so frustrating. You can quickly get on the right path for choosing the best cloud security solution for your organisation.

Here are a few tips:

  • Set a goal: What do you want your solution to do? How does that goal align with your business goals and objectives?
  • Know your ‘must-haves’: What does the solution have to do to ensure you meet all your goals?
  • Dig into product capabilities: How does the solution improve security and reduce risk?
  • Understand your compliance and other regulatory requirements: Can the solution give you visibility into how you’re meeting requirements, where you have gaps, identify weaknesses and help you prioritise plans for remediation?
  • Inquire about scalability and research: Can the solution scale with your organisation and how does it ensure it continuously delivers accurate, timely risk data as your needs change over time?

Are there any cloud security trends you expect to see in this region over the coming months/year? How should organisations prepare?

Cloud services usage is increasing rapidly. Businesses of all sizes across all industries around the region are swiftly adopting Artificial Intelligence (AI), cloud infrastructure, services and applications, quickly realising the benefits of scalability, flexibility and cost reductions.

The more technologies and different assets are used, the greater the exposure and attack surface.

Organisations must ensure proper configuration, manage vulnerabilities in AI workloads and the entire attached surface. They should assess their existing tools and start looking at modernising and consolidating multiple cybersecurity practices to unify vision, unify insight and unify action.

Tenable One, a unique AI-powered exposure management platform, radically unifies security visibility, insight and action across the attack surface, equipping modern organisations to isolate and eradicate priority cyber-exposures from IT infrastructure to cloud environments to critical infrastructure and everywhere in between.

Signup to the newsletter and never miss out on the latest news.

© Copyright 2025 Intelligent CISO | 63/66 Hatton Garden, London, EC1N 8LE | +44 (0) 20 3026 6825 | A Lynchpin Media Brand | Privacy Policy

Browse our latest issue

Intelligent CISO

View Magazine Archive