Why cloud posture management should be top of mind in 2023

By InDiv - January 5, 2023

You are in the cloud with your organization. And yes: you did think about securing your workloads in the cloud. Installed firewalls. Applied zero-trust principles with, for example, least privilege. Antivirus. Antimalware. Intrusion Detection. DDoS protection. Everything. And that’s good. Trust me, if you have done all that, you are probably more advanced than a lot of other companies. I spent quite some time last year talking to customers who were suffering from severe breaches, including ransomware attacks and cryptomining. The cloud was supposed to be safe.

Yes. The cloud is safe. I’ve written this many times before and I’m writing it one more time: cloud platforms such as Azure, AWS and GCP are probably the best secured platforms in the world. They offer a zillion tools to get your workloads as safe as they can be. But: it’s up to you to use these tools. And yes: it comes at a cost. Typically, you have to add something between 5 and 20 dollars per month – depending on the level of actions that you take – per server to protect it from unauthorized access and malicious usage. The diagram shows what actions should be taken to protect workloads in the cloud.

Figure: In-depth Defence

It’s not a choice anymore. Security must be top of mind. Cloud posture management must be top of mind as a critical aspect of cloud security. Cloud posture management involves monitoring and enforcing compliance with a set of policies and best practices for cloud infrastructure and applications. With the increasing adoption of cloud technology, it is becoming more important than ever to prioritize cloud posture management in order to ensure the security and compliance of your organization’s cloud assets.

It should be top priority because of the growing number of cyber threats targeting cloud infrastructure. Cybercriminals are constantly finding new ways to exploit vulnerabilities in the cloud, and a lack of proper posture management can leave your organization exposed to these threats. By implementing a robust posture management program, you can proactively identify and mitigate potential vulnerabilities, helping to protect your organization from cyber attacks.

There’s more to it. Let’s talk about compliance. Many organizations are required to adhere to specific security and compliance standards, such as HIPAA, PCI DSS, and GDPR, in order to protect sensitive data and maintain the trust of customers and clients. Failing to properly manage your cloud posture can result in non-compliance, leading to costly fines and damage to your organization’s reputation.

But it’s not only tools and technology. It’s a culture. A way of thinking. It is important to involve all relevant stakeholders, such as IT and security teams, as well as business leaders and end users, in order to ensure the success of the program. All of these stakeholders must be aware of the threats, the risk and the potential damage that breaches will cause. It’s essential to regularly review and update your posture management policies and procedures in order to stay ahead of evolving threats and compliance requirements.

By implementing a robust posture management program and involving all relevant stakeholders, organizations can proactively protect their cloud assets and ensure the security and compliance of their operations. And that’s why cloud posture management must be top of mind in 2023.

In the forthcoming second edition of ‘Multi-cloud Strategy for Cloud Architects’ (planned for release in June 2023) I will spend a few chapters on cloud security, including posture management, security policies and compliance.

