*By Rodolfo Ramponi and Ernesto Tachoires
More and more companies are adopting multicloud strategies, combining different cloud computing providers and platforms to achieve greater flexibility, scalability, and cost optimization. This approach allows them to leverage the best of each service while reducing dependence on a single vendor. Gartner predicts that more than 501,000 companies will use cloud platforms by 2028 to accelerate their business initiatives.
However, the growth in usage, whether in multicloud or hybrid environments, has also led to a significant increase in cyberattacks on infrastructure, creating management complexity and a lack of visibility into distributed environments. According to the Cloud Security Alliance (CSA), only 231% of organizations claim to have full visibility into their environments—from code to the cloud—while 77% acknowledge that they lack this complete view. The evolution of attacks such as ransomware, targeted phishing, data exfiltration, and supply chain attacks, coupled with the talent shortage to manage corporate environments, reinforces a worrying fact: threats advance faster than most companies' internal response capabilities.
It's a fact that cloud adoption is inevitable for companies seeking innovation and competitiveness, but reaping its benefits without sacrificing security requires attention to critical aspects. In this context, Managed Security Services (MSSPs) are consolidating themselves as a key component of organizational resilience. A qualified provider goes beyond monitoring and incident response by integrating practical experience, advanced technologies, and strategic vision to anticipate risks and strengthen security posture. Thus, models such as MDR (Managed Detection and Response) have been growing precisely because they offer continuous monitoring, proactive threat hunting, and rapid incident response—indispensable capabilities in an environment where attacks can no longer be addressed with basic internal measures alone.
It's crucial that security is present from the outset, with controls incorporated at the time of migration, rather than being addressed only as a remedial measure, as remediating flaws later tends to be more costly and risky. It's also essential to understand the principle of shared responsibility: cloud protection doesn't fall solely on the provider, but must be built collaboratively, which implies robust architectures, continuous monitoring, and clear governance of roles and responsibilities. Another key aspect is the use of modern technologies capable of handling increasingly dynamic environments.
Investing in advanced protection technologies, such as a cloud-native application protection platform (CNAPP), cloud-based network and security architecture (SASE), a cloud security solution that automates access rights and privilege management (CIEM) in cloud environments, Data Security Posture Management (DSPM), and a cybersecurity service that combines advanced technology and human expertise to monitor, detect, and respond to security threats in real time (MDR), provides comprehensive visibility and continuous monitoring of the environment. With these solutions, the IT team can quickly detect anomalies and proactively respond to incidents.
Finally, no strategy will be effective without ongoing training. Training teams to work with concepts like Zero Trust, identity management, and advanced cloud security practices ensures not only data protection but also the maturity needed to sustain a resilient digital operation.
Companies that partner with specialized providers gain a competitive advantage by transforming security into an innovation enabler, creating trusted environments for digital expansion. In a scenario where the cloud is both a driver of innovation and a prime target for attacks, investing in cybersecurity is no longer optional; it's a prerequisite for business continuity and trust.
*Rodolfo Ramponi is a cybersecurity specialist and Ernesto Tachoires is corporate cybersecurity director, both at SONDA, a regional leader in Digital Transformation.
Notice: The opinion expressed in this article is the responsibility of its authors and not of ABES – Brazilian Association of Software Companies
EN 
PT 
