2025 - 05 - 20
Cybersecurity is no longer limited to firewalls and antivirus
The rapid digitization of companies has led to new threats, much more complex than yesterday’s viruses. In a distributed world where people, applications and data are no longer confined to the corporate network, old perimeter security models are no longer sufficient. The development of cloud, hybrid work, connected objects and SaaS services has created a changing environment where identity and access management have become the new perimeters to defend.
According to Verizon’s 2024 Data Breach Report, more than 80% of incidents are related to compromised or poorly protected access. The majority of attacks exploit human vulnerabilities or poorly managed access rights.
It is therefore urgent to rethink cybersecurity not as an additional layer, but as an integrated architecture from the conception of any IT strategy, including cloud. This is where concepts like Zero Trust come in.
Cloud and cybersecurity: specific risks that require a dedicated approach
The move to the cloud offers many advantages: agility, scalability, cost reduction. But it also introduces increased exposure if cybersecurity is not adapted. Unlike an on-premise infrastructure, the cloud is based on a shared responsibility model : the infrastructure is secured by the provider, but configuration, access and data are the responsibility of the customer.
In short, a bad configuration of your cloud resources (excessive fees, lack of encryption, exposed interfaces) can become a critical flaw, even if the provider is ISO or HDS certified.
In addition, cloud environments are dynamic: virtual machines created on the fly, containers, temporary databases... It becomes impossible to secure this type of infrastructure with conventional tools, designed for stable environments.
Cybercriminals have understood it : attacks on cloud environments (API access, shadow IT, misconfigurations) are on the rise. A cloud strategy cannot be dissociated from a security strategy adapted to this changing reality.
Zero Trust: pillar of modern, cloud-ready cybersecurity
In the face of these new challenges, the Zero Trust Network Access (ZTNA) model is gaining ground. Its principle is simple : never trust, always check, even within the network perimeter. Every user, every device, every application must be authenticated, authorized and monitored at all times.
Zero Trust is based on three key pillars:
- Strict identity verification (MFA, SSO, IAM)
- Micro-segmentation of the network and access rights
- Ongoing monitoring and behaviour analysis
In a cloud environment, this model makes perfect sense. It helps to limit the scope of a potential compromise, significantly reduce the attack surface, and ensure greater compliance with standards such as GDPR or ISO 27001.
But adopting a Zero Trust strategy is not decreed. It is a cross-cutting project involving IT, CIO, HR, general management... It is a cultural as well as technical transformation, which requires support, adapted tools and strategic vision.
Governance, audit, resilience: the new pillars of cybersecurity
Beyond technology, modern cybersecurity is based on clear governance. Who has access to what? What are the critical flows? Where are sensitive data stored? These issues must be addressed through documented policies, audit procedures and remediation plans.
In addition, the company must strengthen its detection and response capacity. An undetected ransomware for 48 hours can cost hundreds of thousands of euros. Solutions such as EDR, XDR, SIEM or SOC enable proactive and automated cyber surveillance integrated into cloud environments.
Finally, resilience must become an end in itself. It is no longer a matter of preventing the incident at all costs, but of ensuring that the company can continue to operate even in the event of an attack. This requires the implementation of encrypted backups, business continuity plans (PCA) and disaster recovery (PRA), ideally hosted in redundant cloud infrastructures.
Why get support in your cloud cybersecurity strategy
Implementing a cyber security strategy that is cloud-ready and based on zero trust is complex. It requires specific skills, often absent from internal teams, and requires constant technological monitoring.
Using a specialized service provider such as UNIVIRTUAL means receiving support on three fronts:
- Audit and map the risks associated with your existing cloud architecture.
- Deployment of a secure infrastructure, integrating modern tools (application firewalls, MFA, network segmentation, bastion, SIEM...).
- Training and support for change, to make users and IT teams aware of new uses.
Our sovereign cloud infrastructures, hosted in France and Switzerland, are designed to meet the most stringent security and compliance requirements. We support our clients in the implementation of secure and auditable environments, adapted to their business.
Conclusion: without a cloud strategy and zero trust, your cybersecurity is incomplete
The proliferation of attacks, the transformation of usage, and the outsourcing of infrastructures make any IT strategy that is not based on a cloud-native approach and Zero Trust obsolete. CIOs and CTOs need to re-examine their security model in depth, not as a defensive layer but as a nervous system integrated into the entire infrastructure.
This transformation is not just a technical challenge. It requires method, strategic alignment and coaching.
At UNIVIRTUAL, we help companies secure their digital transformation. Because today, cybersecurity is no longer just an IT project. It is a pillar of the company’s sustainability.
