Organisations are pressed into needing a way to gain visibility and control across their hybrid infrastructures – an approach that provides the CISO with actionable insights to minimise the attack surface while meeting the reporting requirements of the boardroom.

The hybrid cloud is real, and in fact, 81% of enterprises are adopting a multi-cloud architecture, spanning on-premise and one or more public cloud providers. And this won’t go away anytime soon, with about 1/3 of workloads remaining on-premise in 2025, sometimes the most critical, according to 250 CISOs and team members polled in March.

But there is a problem. A good 77% of IT personnel identify security as still a barrier to adoption, and almost the same number of people cited a lack visibility across their hybrid cloud.

The top two concerns identified were verification that public cloud accounts are secure (69%) and confirmation that workloads in the cloud are secure as well. This lends credence to the reality that both account and workload security are critical.

Security is still a key issue and barrier to adopting a hybrid cloud architecture, with specific concerns including increased complexity (55%), a lack of visibility into cloud endpoints (32%), difficulty instituting security controls (37%), and a clear need for more assessment tools (29%).

62% use separate tools to secure their on-premise and cloud environments, and less than half of respondents currently use a security solution spanning on-premise and cloud.

A concerning finding was that 40% of respondents only use the tools provided by the cloud provider, which are considered by most to be incomplete.

The survey also found that half of the 250 respondents have deployed on Azure as part of a hybrid cloud strategy, demonstrating the strong momentum it’s experiencing as an equal to AWS in services offered, as well as traction within Microsoft’s account base.

So what is CyberPosture, a word that you’ll be seeing more of in the future? It is verifying that your slice of the public cloud is secure, be it IaaS, PaaS, SaaS, or even FaaS. It is confirming that your workloads (servers) in the cloud are secure as well, be they VMs or containers. It is ensuring that sensitive data if in the cloud, is secured, being able to pass your periodic security audits, and not only securing your own infrastructure but those of your critical suppliers and partners. Finally, it is an architecture to help you truly understand the risks and deficiencies that are part of any hybrid cloud infrastructure. One that permits you to effectively balance your risk tolerance with skills and budgets.

CyberPosture is closely aligned with the rise of DevSecOps, the automation of security within DevOps to ensure a more secure cloud infrastructure and to offer more automated remediation when issues are discovered. In a break from the past, SecOps will no longer be held as a barrier to agile development. They will regain their place at the table as an enabler. Who manages this? The ‘Cloud Security Architect’ runs point, bringing together skillsets from across the organisation in a ‘Cloud Centre of Excellence.’

How do you achieve CyberPosture? As with any type of posture, it doesn’t just come to you. You actively set off to achieve it.