By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
PreferencesDenyAccept
Back To All Resources

Is Cloud Infrastructure More Complex Than We Think?

Cloud complexity is increasing due to multiple stakeholders and fragmented processes. A recent Volkswagen breach highlights the risks of misconfigurations, particularly those introduced by third-party vendors.

27/4/2025
Read Time:
2
min

In my previous post, I talked about how cloud security has become a reactive game— issues only being addressed after they are detected in production. At first glance, it seems there’s a solution in the form of “shift-left” practices—scanning IaC templates and managing configurations before deployment. However, these methods often assume a level of simplicity in cloud environments that just is not common in the real world.

Infrastructure as Code (IaC) was supposed to simplify and standardize cloud deployments, but only 13% of organizations have fully matured their IaC programs. Many still rely on manual processes, “ClickOps” or partial automation that are prone to countless misconfigurations. This complexity is compounded by the number of stakeholders touching the cloud environment: DevOps teams, IT departments, third-party vendors, and even M&A-driven “sub-organizations” operating under the same corporate umbrella. Each one adds a new layer, a new tool, and opens the door to misconfiguration.

The result? A lot more than just theoretical risk. Take the December 2024 incident at Volkswagen: a significant data breach exposed sensitive information including vehicle locations, customer information, and operational details on roughly 800,000 electric vehicles, all traced back to a cloud misconfiguration managed by a third-party provider. In cases like this, organizations relying on external vendors have limited control over their own security posture, leaving them exposed. Reactive cloud security measures and traditional CSPM approaches simply weren’t enough to prevent this incident. But then, what security approach could possibly work when an external vendor holds the keys to your cloud kingdom?

Isn’t it time we rethink cloud security entirely? Instead of resolving problems post-deployment, perhaps we need a truly proactive strategy—one that aligns with the realities of modern, multi-stakeholder, hyper-scaled cloud environments. If we don’t adapt now, we risk chasing one misconfiguration after another, never pausing to address the root cause: complexity itself.

Sources:

  1. Is Something Missing in Cloud Security? https://lnkd.in/dKmUGTAj
  2. StackGen 2025 Report https://lnkd.in/d2M6ySQ
  3. Volkswagen Breach https://lnkd.in/dfD7gD4e

Got Questions? We've Got Answers!

If you don't find the answer you're looking for here, feel free to reach out to us here.

Heading

Heading 1

Heading 2

Heading 3

Heading 4

Heading 5
Heading 6

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.

Block quote

Ordered list

  1. Item 1
  2. Item 2
  3. Item 3

Unordered list

  • Item A
  • Item B
  • Item C

Text link

Bold text

Emphasis

Superscript

Subscript

Take Your First Proactive Step by Booking a Demo

Book a Demo Now!