As organisations continue to accelerate their migration to cloud environments, significant security risks remain, largely driven by misconfigurations, human error, and the growing complexity of modern cloud architectures.
This is according to Benjamin Coetzer, Director at evoila Africa and formerly known as Routed, who notes that while cloud adoption has matured, security strategies have not kept pace.
“Cloud security operates on a shared responsibility model, yet many organisations still misunderstand where their responsibilities begin and end,” says Coetzer. “While providers secure the underlying infrastructure, customers are accountable for everything above that – including identity and access management, encryption, patching, and data protection.”
He explains that this shared responsibility model often leads to critical gaps, particularly where organisations lack the internal expertise or fail to implement proper governance and monitoring frameworks. This aligns with broader industry observations that cloud environments demand a clear understanding of roles, especially around data protection and access control.
Human error remains the biggest threat
Despite advances in cloud-native security tools, Coetzer highlights that human error continues to be the leading cause of cloud security breaches. Misconfigured storage buckets, weak identity and access management (IAM) policies, and insufficient monitoring are among the most common vulnerabilities.
“Organisations are still struggling with basic visibility. Without proper logging, monitoring, and SIEM capabilities, it becomes impossible to detect and respond to threats effectively,” he says.
Additional risks include malicious insiders, supply chain vulnerabilities, and compliance challenges related to data sovereignty and international regulations.
Security strategies lag behind innovation
While cloud adoption is accelerating, Coetzer believes that security approaches are failing to keep pace with the rapid evolution of cloud technologies.
“The rise of AI, machine learning, containers, serverless computing, and multi-cloud strategies is introducing new attack vectors faster than organisations can secure them,” he explains. “At the same time, attackers are leveraging automation and AI to scale their efforts, widening the gap even further.”
He adds that many organisations still treat security as an afterthought, rather than embedding it into development processes through practices such as DevSecOps and shift-left security.
Public cloud introduces new risk layers
According to Coetzer, the public cloud presents a range of risks that organisations must actively manage. These include misconfigurations, gaps in shared responsibility, expanded attack surfaces, data breaches, third-party dependencies, and regulatory exposure.
These concerns echo broader industry trends, where businesses are increasingly scrutinising public cloud environments for issues such as compliance complexity, security exposure, and operational risk.
Complexity increases across cloud models
The complexity of managing security increases significantly across different cloud service models.
“In Infrastructure as a Service (IaaS), organisations have maximum control, but that also means maximum responsibility,” says Coetzer. “They are responsible for everything from operating systems to network configurations, which increases the risk of misconfiguration.”
By contrast, Platform as a Service (PaaS) abstracts much of the underlying infrastructure, enabling faster development but introducing new blind spots.
“PaaS environments shift risk to the application layer,” he explains. “Issues such as insecure code, exposed APIs, and vulnerable dependencies become the primary attack vectors, particularly in environments using containers and serverless workloads.”
A call for proactive security
Coetzer concludes that closing the cloud security gap will require a fundamental shift in how organisations approach security.
“Security cannot be bolted on after deployment. It needs to be embedded into every layer of the cloud journey – from architecture and development to operations and governance,” he says.
“As cloud environments become more complex, the organisations that succeed will be those that prioritise visibility, accountability, and proactive security practices from the outset.”
For more articles like this click here.
If you enjoyed this website then check out our other sites: Wedding and Function, Home Food and Travel, Kids Connection, Thirsty Traveler, Bargain Buys, Boat Trips for Africa.
Need help with your online marketing then visit Agency One