Cloud Security Considerations for the Hybrid Multicloud & AI Era

As organizations accelerate their adoption of hybrid and multicloud environments -- and as AI becomes a core part of IT strategy -- security leaders face a daunting new landscape. That was the central theme at today's Zero Trust Strategies for the Hybrid Multicloud and AI Era Summit featuring renowned security architect John O'Neill, Sr., now available on-demand.

O'Neill, Sr.'s presentation was packed with practical advice and expert perspective on building zero-trust frameworks for today's complex IT environments. The session was wide-ranging and insight-rich -- far too much to cover in a single article. For this recap, we'll focus on two of the most urgent topics from his talk: Cloud Security Considerations and Integrating AI & ML in Security Operations.

"It's impossible to state how many organizations I go into where they think they have this dialed in and they get it wrong."

John O'Neill, Sr., Chief Innovation Officer with Azure Innovators

Here are some of the top takeaways from those sections.

Cloud Security Considerations

Figure: Cloud Security Considerations (source: John O'Neill, Sr.).
  • Understand the shared responsibility model: "It's impossible to state how many organizations I go into where they think they have this dialed in and they get it wrong," O'Neill, Sr. warned. He pointed to a misconfigured AWS S3 bucket compromise at Tesla as an example, adding: "A lot of this misconfiguration was simply because there wasn't a proper understanding and ownership of whose responsibility was what for what."
  • Cloud security posture management (CSPM): O'Neill, Sr. advised organizations to "implement cloud security posture management tools or their native solutions to help you accomplish this," emphasizing that these tools can help organizations avoid cloud misconfigurations.
  • Cloud workload protection platforms: "Deploy cloud workload protection for vulnerability management across cloud instances," he said, underscoring the need to secure cloud workloads as part of a modern zero-trust strategy.
  • Identity and access management for cloud: He recommended organizations use "cloud-native IAM services like AWS IAM, Entra ID, Google Cloud Identity with service accounts and role-based access controls," ensuring that identity and access remain tightly controlled across cloud environments.
  • Multi-cloud security orchestration: O'Neill, Sr. summarized the overall importance of applying these practices consistently: "These are all things we can do when it comes to cloud security," encouraging attendees to take a broad and unified approach to multi-cloud environments.
  • Compliance and governance frameworks: He added that organizations should also "implement infrastructure as code security scanning tools right to prevent misconfigurations," connecting security automation to broader compliance and governance efforts.

All of the above is just one part of O'Neill, Sr.'s comprehensive presentation, which is too big to cover completely here. He emphasized that organizations must take a holistic view, integrating these practices into their overall security strategy rather than treating them as isolated tasks. He also touched upon the topic of the time: AI. For a taste of what else O'Neill, Sr. imparted to his audience, here's a brief summary of the AI/ML considerations he discussed in his session.

Integrating AI & ML in Security Operations

Figure: Integrating AI & ML in Security Operations (source: John O'Neill, Sr.).
  • Behavioral analytics and anomaly detection: "Microsoft AI-powered security systems analyze over 65 trillion signals daily detecting threats up to 25% faster than traditional methods," O'Neill, Sr. explained, highlighting the scale at which AI is being applied to threat detection.
  • Automated threat response: "We want to implement automated threat response using AI," he said, but cautioned: "We need to be prudent. We need to be careful because if we simply automate isolating endpoints... an attacker could actually exploit that to create a denial of service situation."
  • User and entity behavior analytics (UEBA): "We can use AI for risk assessments, behavior analytics, security orchestration," he said -- summarizing the kinds of AI-powered analytics organizations can leverage to improve security outcomes.
  • Predictive risk assessment: O'Neill, Sr. again referred to AI being used for "risk assessments." He did not use the word "predictive" verbatim, so this item is paraphrased to reflect risk-based assessment using AI tools.
  • AI-powered security orchestration: "We can use AI for risk assessments, behavior analytics, security orchestration," O'Neill, Sr. reiterated, reinforcing the potential of AI to improve orchestration across security platforms.
  • Model security: "It's important that we implement proper solutions to secure our models," he stressed. Without this, attackers could exploit weaknesses in AI-based defenses: "If we don't lock down those models that we're using... I would consider highly likely."

O'Neill, Sr.'s session delivered a clear-eyed look at the challenges and opportunities facing IT leaders as they navigate the intersection of cloud, AI, and zero trust. While his full presentation covered much more -- from zero trust architecture fundamentals to practical deployment tips -- these two areas are especially urgent for organizations looking to modernize their security strategies in 2025.

For those who missed the live event, the session is available on-demand. Throughout his presentation, O'Neill, Sr. emphasized that zero trust is not a product but an evolving strategy -- one that organizations must implement gradually through continuous decisions and improvements.

And, although replays are fine -- this was just today, after all, so timeliness isn't an issue -- there are benefits of attending such summits and webcasts from Virtualization & Cloud Review and sister sites in person. Paramount among these is the ability to ask questions of the presenters, a rare chance to get one-on-one advice from bona fide subject matter experts (not to mention the chance to win free prizes -- in this case High-End Bose Noise Cancelling Headphones provided by sponsors Keeper Security and Zoho, which also presented at the summit).


About the Author

David Ramel is an editor and writer at Converge 360.
