Cloud Sprawl, too much of a good thing?

Only a few months into the global pandemic, in April 2020, Satya Nadella, CEO of Microsoft stated they’d seen two years’ worth of digital transformation in 2 months.  Well, it didn’t stop there, according to Gartner, spending on public cloud services grew 20.4% from $410.9 billion in 2021 to $494.7 billion in 2022 and it is expected to reach nearly $600 billion by 2023.

As organisations rushed to enable their remote workforce and to innovate, grow and compete they rapidly adopted cloud infrastructure, assets and applications. This accelerated the expansion of the attack surface and has introduced new risks to organisations often without the requisite time to properly consider risk mitigation or cloud security controls.

Cloud Security Insights from Adarma Experts

Cybersecurity leaders need to enable the organisation to move to the cloud securely, and in some cases, retrospectively secure cloud environments that may have increased the organisations exposure beyond acceptable tolerance levels, follow our Cloud Security blog series to learn more.

Research Paper: Why managing your threat exposure is even more complex in a cloud-smart world

Throughout the past two years organisations have deployed more infrastructure, systems and applications to the cloud as they enabled an almost entirely remote workforce and learnt to compete on a global scale in conditions the world had not seen before. In this haste to innovate, grow and remain competitive many have suffered cloud sprawl and now struggle to get visibility of, and understand the nature of their cloud environments.

Furthermore, these cloud deployments were often installed without the proper security policies or guardrails in place, meaning not only has the attack surface expanded but the likelihood of misconfigurations has grown. Coupled with this, many organisations have expanded their supply chain to integrate with many third-party organisations in the cloud, exposing them to additional risk as their digital interconnected eco-system proliferates.

To manage this heightened exposure, organisations first need to understand the attack surface they are trying to protect, this encompasses not only their on-premises and cloud environments but also the third parties they are integrating, connecting and transacting with. Only by understanding and subsequently consolidating your attack surface, can you effectively monitor it for misconfigurations, the most likely weakness an attacker will exploit.

This research paper explores how cloud deployments have accelerated and evolved during the pandemic. It looks at third-party risk introduced through expanding digital eco-systems and how IT leaders are dealing with a growing attack surface across cloud environments. We discuss how to get visibility and an understanding of your complete attack surface, from cloud deployments to third party suppliers, and the importance of a well-planned strategy for security monitoring and response.

Computing surveyed 150 IT leaders from a variety of sectors including education, technology, finance and the public sector. The majority were involved with cyber security strategy.

Fill in the form to download the research paper

ransomware panel event

Watch on-demand

Why managing your threat exposure is even more complex in a cloud-smart world


Fayaz Khaki, Attack Surface Management Practice Lead at Adarma

John Tipton, Senior Security Consultant at Adarma

“We’re seeing people moving quickly, but they’re moving dangerously with regard to security”

Cloud misconfigurations present a major opportunity for cybercriminals to attack your organisation and steal your data.

Hear from our Cloud Security team in the video below for advice on reducing the risk of your cloud deployments.

Take back control of your cloud attack surface: Getting Started


Cyber security assessments

Public Cloud Security Assessment

Public cloud comes with risks and security holes. You may have valid concerns around the lack of visibility of your data being placed in unauthorised environments and access control to unmanaged environments, which could lead to theft of data.

Our cloud security consultant team gives you visibility of what organisational assets are in the cloud and any shadow IaaS, enabling you to apply consistent standards and controls across multiple cloud providers. We also report on access, permissions, privileges and highlight any weakness or misconfiguration

Cyber security assessments

SaaS Discovery Assessment


The use of SaaS apps for collaboration, sharing, development, project management are still growing across every business function and that’s the ones you know about.

Our team helps you discover the apps which are in use including the unauthorised, we analyse the threat-risk of the apps and assess them against your relevant compliance standards. We deliver detailed threat-risk based recommendations and mitigation actions and a roadmap to improve the management of cloud apps and steps to achieve continuous discovery and usage monitoring.


Cloud Security Best Practices:  Top Tips from our Cloud Security Consulting Team

Download the Whitepaper

Considerations for Introducing Detection & Response into a Multi-Cloud and Data Centre Environment

Explore the considerations for creating a scalable security monitoring and response solution across the constantly changing, multi-cloud and traditional data centre environments of the typical large enterprise.


Let’s talk.

Speak to our experts and see how we can help protect your business.

Contact Us