About usPropertySmart CitiesProject managementEducation
AerospaceFuture of TaxCareers in Tech & EngineeringFuture of workSupporting SMEs
SportBusiness ResilienceNational Inclusion WeekEmployee WellbeingSTEM
FinanceEntrepreneurs & SMEsArtificial IntelligenceSupply Chains & LogisticsGaming & Esports
Life sciencesBusiness TravelDigital TransformationTransportRetail & E-Commerce
ManufacturingSupply ChainManaging Your MoneyBusiness TransformationHealthcare
EdTechApprenticeshipsSustainable BusinessSustainable LivingTransforming the Workplace
Client surveyRenewable Futures
Home » Cybersecurity & Cloud Computing 2025 » Why firms need ‘exposure management’ to reduce cyber risk for cloud and AI
Sponsored

Liat Hayun

VP of Product & Research, Cloud Security, Tenable

    With cloud apps and AI tools creating potentially harmful gaps in a company’s security infrastructure, it’s time to take a ‘know, expose and close’ approach to risk reduction.

    Increasingly, businesses that crave data privacy and protection — which, naturally, should be all of them — are laser-focused on the issue of cloud security. That’s just as well, insists Liat Hayun, VP of Product and Research for Cloud Security at Tenable, and for very sound reasons.

    Cloud security challenges increase

    First, thanks to AI, companies are now more motivated to store exponentially greater amounts of data in the cloud, including sensitive data. Second, while most cloud providers offer their customers great security mechanisms, these may not always provide them with the most effective security for their unique needs. Third, because the cloud can be connected to a company’s own on-premises IT architecture, it becomes a tantalising entry point to the infrastructure of the entire organisation and a gift to any would-be attackers.

    So, companies must ensure their cloud infrastructure is secure. The trouble is: just one cloud environment is complex enough. “But if your business uses multiple cloud environments — for, say, flexibility and/or financial reasons — that complexity is compounded,” says Hayun, highlighting the risks of fragmented tool management as an example. “Different cloud environments will have different tools, each pointing at different problems. Without an aggregated view, some security issues could be missed.”

    Added to that are potential risks presented by the shared responsibility model, where different teams manage different aspects of the cloud environment. “These siloed views can create potentially harmful gaps in security, which is why cloud security needs to have its own level of dedication,” explains Hayun.

    Like any transformative technology,
    AI can be used for good purposes
    and malicious purposes.

    How AI is accelerating risks for organisations

    Unfortunately, the emergence of artificial intelligence only adds to the immediacy of the threat. Simply put, organisations that leverage AI internally are helpfully presenting bad actors with an expanded attack surface and so increasing the risk of security breaches.

    “Like any transformative technology, AI can be used for good purposes and malicious purposes,” says Hayun. “On the malicious side, it can be leveraged for more sophisticated phishing attacks by helping to craft believable emails that victims are more likely to open. AI can also find areas of the cloud environment that are more likely to be misconfigured and therefore exposed. It’s a useful tool for attackers.”

    Other risks from AI stem from ignorance rather than malicious intent: staff may unwittingly upload sensitive information to online AI tools, for example. Although, on the plus side, AI is transforming methods used to protect the cloud by assessing large amounts of data very quickly to identify patterns or anomalies, flag up suspicious activity and help thwart attacks.

    The exposure management approach to cybersecurity

    Organisations should introduce a well-designed ‘exposure management’ approach to cybersecurity — that is, identifying, assessing, prioritising and then addressing the security risks they are exposed to, starting with the most critical risks. Tenable sums this up in three words: ‘Know, expose and close.’

    The ‘know’ aspect is about helping businesses know their cloud resources and understand where security risks may lurk. “But knowing is not enough,” says Hayun. “To provide actual value, we ‘expose’ issues that matter most to an organisation by assessing, prioritising and aggregating cyber risks so that they can focus on what’s most important to them. Then, we ‘close’ by providing the mechanisms and tools to address, mitigate and remedy the security issues we have found. So, it’s not just equipping organisations with knowledge. It’s also making sure they are able to address issues in the most efficient way.”

    Hayun’s advice for any organisation is to understand the very real cyber threats caused by AI and the cloud and act before damage can occur. “When technology evolves, a new risk emerges that must be addressed with cybersecurity tools,” she says. “Now, AI is being introduced into the cloud environment — and the same thing is happening again.”

    Click here to learn more

    Author
    Tony Greenway
    Next
    Share Share
    Topics
    Cybersecurity & Cloud Computing 2025
    Next article

    Do you want to read more? Click here