In the technological landscape, cloud computing has radically

transformed this realm by providing flexible, scalable, and cost-effective

infrastructure for organizations of all sizes. However growth of this magnitude

does not come without pains, as the complexity of this field and the threats

faced within scale alongside it. New challenges arise as emerging tech brings in

advanced cyber adversaries, leading to traditional security methods becoming

outdated and unable to keep up. Of the threats that cybersecurity must deal with

these days, the most pressing are quantum computing, advanced persistent

threats (APTs), and supply chain attacks.

Once just a theoretical concept, quantum computing has steadily evolved

towards reaching practical application. What makes quantum computing

different from the classical form is that it utilizes qubits, which have distinct

advantages over the standard bits normal computers use. Most notably, they

make use of an ability called superposition, which “can be described as both 0

and 1, or as all the possible states between 0 and 1 because it actually

represents the probability of the qubit’s state” (Schneider, 2024). This means

that quantum computers are capable of processing at a significantly faster rate.

These functions make quantum computing exceptionally dangerous in one area:

cryptography. Most public-key encryption algorithms are based on

mathematical problems that classical computers struggle to solve. Using Shor’s

algorithm, an algorithm that puts quantum computing in the spotlight, powerful

quantum computing can easily defeat many of today’s encryption methods.

Work on countering this threat has already begun, as the security community

has been developing cryptographic algorithms that can withstand quantum

attacks.
Advanced persistent threats are people, not machines or algorithms, that

infiltrate networks and commit espionage, taking advantage of human lapses in

judgement and monitoring. They are especially dangerous because they can be

backed by criminal organizations and nation-states. APTs are not

uncounterable, as there are means of preventing such lapses made by humans.

Organizations should make use of Zero Trust Architecture (ZTA), a system that

makes use of least privilege. “Least privilege means that users and devices are

only granted the permissions they need to perform their tasks. This helps reduce

the attack surface and makes it more difficult for attackers to gain access to

sensitive data” (Anon, 2023). Other options include behavioral analytics,

continuous monitoring of systems, and robust access controls.

Lastly, “supply chain” attacks are another tactic employed by attackers.

Supply chains do not include physical components alone, but open-source

libraries, third-party services, APIs, etc. These are not the primary targets,

however, as they simply act as a stepping stone towards the broader systems

they are a part of. The interconnectedness of cloud environments ultimately

becomes their downfall, allowing attackers access to one vendor or provider to

another. Rather than steal information, attackers introduce malicious code and

backdoors for other attackers to enter otherwise secure environments. A real

world example would be the SolarWinds incident in 2020, in which “The breadth

of the hack is unprecedented and one of the largest, if not the largest, of its kind
ever recorded…the hack compromised the data, networks and systems of

thousands when SolarWinds inadvertently delivered the backdoor malware as

an update to the Orion software” (Kerner, 2023). In order to mitigate these

attacks, organizations need to assess the third-party vendors or providers they

associate with, as well as making use of DevSecOps in order to employ secure

software development practices.

While these aforementioned threats seem daunting, cloud security

models have begun to evolve to counter them. One model that can serve as the

frontline defense is Zero Trust Architecture. It operates on one principle: “Never

trust, always verify.” ZTA never assumes any user, device, or system is to be

trusted by default. Access is instead granted on a continuous identity check, as

well as device health, location, and user behavior. It is the foundational security

model that protects distributed, cloud-based workloads, particularly in hybrid and

remote-first organizations.

Cloud-native security takes the place of traditional security tools as it

focuses on protecting the cloud stack itself, which includes the services,

workloads, infrastructure, and applications. These architectures focus on

embedding themselves into the runtime environments and development

pipeline, making sure there is protection for an entire lifecycle of cloud

workloads. Using key tools such as Cloud Security Posture Management

(CSPM) for misconfiguration identification and Cloud Infrastructure

Entitlement Management (CIEM) for managing identity permissions, CNS

provides scalable, automated, and context-aware security.

 Finally, we will address cloud security environments that have risen to

meet the challenges presented today: hybrid cloud and multi-cloud

environments. Hybrid cloud environments are where organizations combine

one or more public cloud platforms with on-campus infrastructure; they require a

unified strategy bringing together both legacy and modern cloud services. “With

the hybrid cloud, organizations can experience the best of both worlds. They

can rely on the third-party public cloud to scale and optimize their resources

while still using the on-premises, private cloud to manage more critical

workloads that may require greater levels of security or control” (Anon, n.d).

Multi-Cloud Security involves making usage of multiple cloud providers like

AWS and Azure to prevent vendor lock-in, improve redundancy, and optimize

cost and performance. It offers enhanced security, offers flexibility in regulations

and compliance, and has improved redundancy and reliability.

In conclusion, cloud computing is a field with near limitless possibilities,

but is not free from dangers as threat actors will always seek some way of

stealing information and causing disruptions. The strategy of “castle-and-

moat” no longer functions in today’s world. It requires post-quantum

readiness, proactive defense, robust supply chains, and unified, adaptive

policies. It’s not just about tools, but strategy, culture and continuous

evolution.
 References

Neuens, E. (2023, August 2). What is Zero Trust Architecture? | SANS

Institute. Www.sans.org. https://www.sans.org/blog/what-is-zero-
trust-architecture/

IBM. (2024, February 28). Qubit. Ibm.com.

https://www.ibm.com/think/topics/qubit

Oladimeji, S., & Kerner, S. M. (2023, November 3). SolarWinds hack

explained: Everything you need to know. TechTarget.
https://www.techtarget.com/whatis/feature/SolarWinds-hack-
explained-Everything-you-need-to-know

Microsoft. (n.d.). What Is DevSecOps? Definition and Best Practices |

Microsoft Security. Www.microsoft.com.
https://www.microsoft.com/en-us/security/business/security-
101/what-is-devsecops

Anon. (n.d). What is Hybrid Cloud Computing – Definition | Microsoft Azure.

Azure.microsoft.com. https://azure.microsoft.com/en-
 us/resources/cloud-computing-dictionary/what-is-hybrid-cloud-
computing/

Street Address
City, ST ZIP Code