13 Cloud Security Best Practices for 2026

How to secure the cloud against today’s threats

Organizations continue to migrate at least some of their workloads into the cloud, especially if employees or third parties need access to applications and data.

In 2025, 70% of organizations accelerated their migration to cloud, which is up from 63% in 2024, according to tech marketing firm Foundry’s Cloud Computing Survey. Additionally, 61% of organizations planned to increase cloud spending by about 15%.

Migrating to the cloud means that organizations need to rethink how they handle cybersecurity as not all previous strategies extend into the cloud effectively. To keep data, applications, and systems secure in the cloud, organizations need to implement the right cloud security tools, technologies, and processes.

Use the following cloud security best practices to assist in protecting your cloud environments and assets. 

1. Understand the cloud shared responsibility model

Before doing anything, you need to determine what you are responsible for when it comes to cloud security. The cloud shared responsibility model outlines what security cloud service providers (CSP) offer and what organizations need to handle themselves.

Each CSP will differ slightly on what they will or won’t provide protections for, but, generally speaking, CSPs monitor and protect cloud environments and customers secure their assets and data hosted in the cloud.

The type of cloud deployment that an organization implements will impact the shared responsibility, too. For infrastructure as a service (IaaS), the CSP secures the infrastructure and the customer protects user, applications, endpoint, network, workload, and data security.

For platform as a service (PaaS), CSPs protect the platform, while the customer secures network, workload, applications, and user security. For software as a service (SaaS), CSPs protect the application, while the customer secures network, user, and endpoint security.

Once you understand what your responsibility is, then you can develop your cloud security strategy and adopt necessary cloud security tools.

2. Use zero-trust methodology

“Never trust, always verify” should be every company’s mantra. Zero trust isn’t a singular tool to adopt, but rather a methodology for handling access to assets and data.

This applies to all access requests, whether inside the network or not. Remote employees and third-party access to assets is now typical, which means focusing on network protection won’t keep all critical business data and cloud workloads safe.

With zero trust, organizations can limit the possibility of unauthorized access and lateral movement if already past initial access points. Create security policies that require verification of the user or non-human identity before granting access requests, then have additional authentication needed for more sensitive data access.

Gather as much data around the account requesting access (e.g., credentials, location, endpoint information, etc.) to be as sure as possible accounts are who or what they say they are.

3. Harden network security

By securing the perimeter with hardened network security practices, organizations can prevent common cyberattacks, such as malware, denial of service and distributed denial of service, and SQL injection.

There are different network security tools to consider, including firewalls, VPNs, intrusion detection systems, and web application firewalls. Implementing each will provide a defense-in-depth security strategy that helps prevent attacks from continuing if one tool should fail.

From there, limit lateral movement by threat actors that get past initial network defense with network segmentation and microsegmentation.

With microsegmentation, smaller cloud zones are created using static rules and firewalls, routers, and switches. This way, if attackers get into the network, they don’t get access to everything.

4. Implement strong identity and access management

Robust identity and access management (IAM) tools and processes are integral for keeping data secure, and to follow zero-trust principles by limiting who and what can access it.

Some IAM best practices for cloud include:

• Use multi-factor authentication: Keep data secure by requiring all accounts to have additional authentication factors before approving access.
• Adopt principle of least privilege: Limit permissions for each account to only provide it with what it needs access to and nothing further. 
• Manage and limit service accounts: Keep admin accounts and permissions to the minimum needed.
• Audit accounts periodically: Regularly review accounts and permissions to ensure that accounts are active and that permissions remain appropriate for the role.

Depending on the complexity of your cloud environments, your organization may need cloud-native tools, such as cloud infrastructure and entitlement management (CIEM).

CIEM is better equipped than traditional IAM tools to keep cloud access secure. CIEM tools provide deep visibility into cloud environments to discover outdated accounts, elevated permissions, and overpowered identities to reduce cloud risks.

5. Adopt secure development practices

Security should be a part of everything at an organization, and that includes software development. This is often called the shift-left movement, integrating security from initial builds to the final market-ready application.

The best way to secure CI/CD pipelines is by following the secure software development lifecycle (SSDLC). The SSDLC is broken out into six phases:

1. Planning: Determine the security risks and create a plan for how to address them during development, including secrets management, data encryption, access controls, and frameworks to use.
2. Design: Outline the secure software architecture to identify potential attack vectors, implement secure coding standards, and integrate authentication and authorization processes.
3. Development: App development starts here and should follow the secure coding standards determined before, and perform continuous vulnerability management to discover weaknesses and remediate them.
4. Testing: Use automated testing tools, vulnerability scanning, and manual reviews to ensure the software follows secure software architecture and coding standards.
5. Deployment: Before the application goes live, verify that all vulnerabilities were remediated and no new weaknesses were discovered.
6. Maintenance: Security is an ongoing process, so keep monitoring the application for vulnerabilities and remediate them as they crop up.

6. Protect cloud workloads

Scaling up in the cloud involves the use of short-lived or ephemeral workloads, such as containers, virtual machines (VM), containers as a service (CaaS), and serverless functions.

Security becomes a challenge because containers and other workloads are spun up and down all the time, which introduces visibility gaps and potential data exposure.

Ways to strengthen container security and cloud workloads include:

• Scanning container images for risks. 
• Hardening containers against common misconfigurations and vulnerabilities.
• Incorporating infrastructure as code (IaC) scanning and policy as code security approaches.
• Implementing container runtime security.
• Using role-based access control.
• Setting up real-time events and log auditing.
• Isolating and investigating ephemeral workloads if suspicious behavior is detected.

7. Perform continuous threat detection and response

To secure cloud workloads and data, organizations need to adopt cloud security tools that can continuously monitor and detect threats and then respond to them.

Threat detection and response (TDR) tools detect and analyze anomalous network behavior (e.g., unusual traffic patterns or privilege escalation attempts). TDR tools can then perform some automated responses, such as blocking further access or sending an alert to the security team for manual review.

Implement the MITRE ATT&CK framework to assist with developing processes, policies, and procedures for handling threat detection and response. MITRE helps organizations understand the common adversary tactics, techniques, and procedures (TTPs) and how to respond.

Review TDR capabilities and all monitoring logging and data to understand where potential security gaps exist and improve the organization’s security posture.

8. Create cloud security playbooks for incident response

You need to know how to respond in the event of different incidents to improve business resilience. This means creating playbooks for how to handle general incident response, data breaches, business continuity, and disaster recovery.

Incident response playbooks create a standardized response that enables employees to understand the different roles and responsibilities for everyone. Playbooks should plainly explain the processes, procedures, and policies needed to maintain business continuity or recovery.

Processes to include in a playbook include: 

• How to identify risks and issues. 
• How to mitigate the risk, incident, or issue.
• How to handle internal and external communication.
• How to begin resuming regular business operations.

After developing playbooks for different potential incidents, perform incident exercises with employees so they understand how the process works. They need to have a general idea before an incident occurs so they aren’t turning to the playbooks in a blind panic.

Following an incident, review whether the playbook worked as intended and make any necessary adjustments to it to ensure a smoother process next time.

9. Keep data secure and encrypted

Unsurprisingly, data security is an integral part of security, especially as organizations migrate to the cloud and allow for remote access. Preventing unauthorized access to data is integral to keep the organization from reputational and business harm.

First, organizations should implement data classification to understand the different types of data they handle and how it needs to be secured and accessed. Data classification policies organize data according to its sensitivity.

Alongside data classification, organizations need to implement encryption for data at rest, in use, and in transit. Implement strong encryption to prevent unauthorized access now and in the future.

Encryption algorithms used should be vetted to be secure from post-quantum computing. PQC will lead to some current cryptographic standards being broken and any data secured using them vulnerable. By migrating to PQC cryptographic standards, organizations can limit “harvest now, decrypt later” attacks.

Use strong secrets management to ensure encryption keys remain protected from unauthorized access. Some CSPs provide secrets management capabilities, while organizations may be responsible and should consider hardware security modules or cloud-native secrets management tools.

Lastly, schedule data backup at regular intervals to prevent minimal business disruption should systems go down temporarily, or if threat actors attempt to encrypt or exfiltrate data. Quick recovery after an incident ensures minimal losses to the bottom line and limits reputational damage.

10. Follow compliance and governance

Governments are pushing more and more cybersecurity regulations, and noncompliance can cost your organization. Fines for GDPR noncompliance, for example, can be as high as 4% of an organization’s global revenue.

So, organizations need to really study and determine what regulations apply to them and how to comply. For example, GDPR involves data security for personally identifiable information (PII), SOC 2 is for protecting customer data at service providers, and HIPAA is for securing healthcare data.

Ensure compliance by clearly tying specific security controls and strategies to regulations. Consider how the U.S. Securities and Exchange Commission requires public companies to report security incidents, while the EU’s DORA mandates how organizations handle risk management and cyber resilience.

Adopt compliance auditing tools that feature automation capabilities to more easily determine if your organization continues to follow regulations and identify gaps to fix before they become fines.

11. Implement patch and vulnerability management

Regular patch management and vulnerability management for cloud tools and environments helps reduce the window of opportunity for threat actors to exploit weaknesses and vulnerabilities.

Attackers like to target vulnerabilities and unpatched systems, which makes it all the more important that organizations find a way to keep up. For patch management, organizations should work to minimize potential downtime that would cause some to push back updates.

Before applying patches to live environments, test them in an isolated environment and then release them in a consistent schedule.

To keep up with vulnerabilities, organizations should implement a vulnerability management program where they continuously scan for vulnerabilities. The goal shouldn’t be to just remediate every issue, but to fix the ones that impact your organization.

Some vulnerability management tools provide context around each flaw or weakness and help create a risk score to determine which vulnerabilities to address first. If it would affect a live environment, maybe solve it first, while something impacting a dev server can wait.

12. Remediate misconfigurations

Alongside patch and vulnerability management, organizations need to monitor systems and applications for misconfigurations. This includes accidentally exposing S3 buckets to the internet, leaving ports open, and poor access controls.

Misconfigurated software and services remain a popular attack vector for threat actors. So, organizations need to ensure they use tools, such as cloud-native application protection platforms (CNAPP) or cloud security posture management (CSPM), to monitor for misconfigurations and remediate them based upon their context and potential risk.

By addressing misconfigurations and vulnerabilities, your organization can strengthen its security posture and prevent common cyberattacks.

13. Build a security culture

Lastly, your organization should cultivate awareness of security processes, policies, and best practices that all employees are trained on. Regularly review security training for all employees so they understand how to keep themselves and the company safe.

Cybersecurity training is important to help employees reduce risky behaviors (e.g., poor password usage, leaving computers unlocked and unattended, etc.). They will learn and understand how to spot phishing emails and other potential security threats.

Alongside security training, other ways to build security awareness in the workplace include posting reminders in the workplace, testing employees on what they learned, and keeping it simple so it’s not overly stressful to follow procedure and processes.

Instill ownership and accountability in employees so they know their responsibilities and the repercussions should they not follow security procedures.

Secure your cloud with Sysdig CNAPP

Successful cloud security is an ongoing process that involves protecting sensitive data and business-critical workloads beyond the traditional security perimeter. CNAPP solves the problem of data siloes and visibility gaps, while providing comprehensive security in the cloud.

Adopt Sysdig CNAPP to get a unified cloud security experience where real-time security moves at cloud speed. Discover threats, weaknesses, and vulnerabilities before a data breach happens, and use agentic AI to move faster than attackers.

Our CNAPP solution provides comprehensive security solutions, including CSPM, CIEM, CWPP, and vulnerability management capabilities.

Do Cloud Security the Right Way

DOWNLOAD BLUEPRINT