Cloud security experts warn of control plane risks

Technology firms have issued warnings about emerging cloud security risks ahead of World Cloud Security Day. Senior executives from Adactin, ClickHouse and Fastly highlighted shifts in how organisations should view threats in modern cloud environments.

Industry voices are drawing a clear line between traditional perimeter-based defences and what they see as a new class of risks inside cloud control planes, data platforms and edge infrastructure. They point to the rapid growth of distributed systems, machine-driven access and security data volumes as pressure points for organisations still relying on legacy approaches.

Control plane exposure

Adactin executives argue that cloud risk has shifted away from infrastructure and network edges. In their view, attackers are now focusing on identities, permissions and automation pipelines at the heart of cloud management.

"World Cloud Security Day is increasingly prompting a rethink of where cloud risk truly sits. While security discussions have traditionally focused on infrastructure and perimeter controls, industry attention has shifted towards a different reality: most cloud incidents now begin with valid access, not technical exploits. Modern cloud environments are governed by a control plane made up of identities, permissions, APIs, and automation, and it is this layer, rather than the underlying infrastructure, that has become the most attractive target. The perimeter hasn't failed; it has largely ceased to exist," said Giri Jayaprakash, Head - AI and Cloud Solutions, Adactin.

A particular concern is identity growth at scale, especially the expansion of non-human identities and service accounts in automated cloud pipelines.

"Indeed, today, a growing area of concern is identity and permission drift at scale. As organisations adopt automation, CI/CD pipelines, and infrastructure‐as‐code, cloud environments evolve continuously. Identities, particularly non‐human ones such as service accounts and automated workloads, are created rapidly to support agility, while governance processes often remain periodic and manual. Over time, access accumulates incrementally, creating environments that may appear compliant during reviews but are operationally exposed in day‐to‐day use. This gap between cloud speed and governance speed is increasingly recognised as a systemic risk rather than an isolated misconfiguration issue," Jayaprakash said.

Data volume strain

ClickHouse frames the security challenge through the lens of data growth, arguing that expanding cloud workloads have driven a surge in security telemetry, including access logs, network flows and configuration data.

"As cloud environments scale, the volume of security telemetry scales with them: access logs, network flows, configuration changes, all growing exponentially. Most of the traditional security tooling organisations rely on was built around batch-oriented, sampled data, and these platforms actually encourage teams to reduce what they ingest to keep costs manageable, which means the granular, high-cardinality detail where real threats tend to surface gets aggregated away long before a security analyst ever sees it," said Paul Davis, Area Vice President Sales APAC, ClickHouse.

Davis said this shift exposes the limits of first-generation cloud security tools. He contrasted them with newer analytics platforms and pointed to customer use cases involving massive data ingestion.

"This is exactly a kind of problem ClickHouse was built to solve. As a high-performance data platform powering workloads across real-time analytics, data warehousing, observability, and AI/ML, ClickHouse gives security teams the ability to unify logs, traces, and metrics into a single analytical layer and run sub-second queries across billions of events at full fidelity. Customers like LaunchDarkly already ingest petabytes of event data monthly through ClickHouse, and on our own cloud platform we've invested heavily in enterprise-grade controls including multi-tiered role-based access, SAML SSO with just-in-time provisioning, customer-managed encryption keys, and certifications spanning SOC 2 Type II, ISO 27001, HIPAA, and PCI DSS. We've also recently acquired Langfuse, the open-source LLM engineering platform, which brings tracing, evaluation, and alerting for agentic AI systems, because as agents become more embedded in cloud infrastructure, having visibility into how they behave matters just as much as monitoring the infrastructure they run on," Davis said.

Edge-based defences

Fastly is urging organisations to reassess architectures that rely on multiple discrete security tools, pointing to the operational burden of fragmented defences across on-premise and cloud environments.

"As cloud environments grow more distributed, the 'complexity tax' - the accumulated risk of managing disconnected security tools spread across infrastructure - has become a measurable liability," said Guy Brown, Senior Enterprise Security Architect APJ, Fastly.

Brown argued for consolidating controls at the network edge, linking this approach to a single layer for traffic enforcement and visibility.

"For World Cloud Security Day 2026, the priority must shift from layering on point solutions to consolidating security where traffic actually flows. For most organisations, that means the edge: the one place where real-time visibility across the entire attack surface becomes possible, and where global policies can be enforced consistently," Brown said.

Together, the comments point to a converging theme of systemic risk in cloud security. They highlight identity governance drift, data overload in threat detection workflows and operational complexity as organisations expand their use of public cloud and automation.