Data stored in the cloud is projected to reach 100 zettabytes in 2025 (Source: Edge Delta) and 66% of IT and Security leaders said they plan to shift toward using more cloud and SaaS-based services over the next year. (Source: Rubrik Zero Labs)

As organizations adopt the cloud for data storage to reap the benefits of business agility, cost efficiency, and enhanced operational capabilities, the cloud has also become the platform of choice for cyberattacks, such as ransomware and data breaches. Indeed, critical business data stored in cloud applications and SaaS platforms is more vulnerable to accidental deletion, ransomware attacks, and policy misconfigurations than data stored on-premises. The average cost of a data breach is highest for public cloud environments, standing at $5.17 million (Source: IBM Cost of a Data Breach 2024), and 40% of data breaches involved data stored across multiple environments: public clouds, private clouds, and on-premises.

Given the ongoing cyberattacks aimed at compromising data in the cloud, organizations cannot afford to wait until after their data is compromised. They need to evolve their cybersecurity approach and investments by adopting a cyber resilience strategy now. Here’s how you can take the first steps towards adopting a cyber resilience strategy, including four things to look for in a cyber resilience technology solution.

What is cyber resilience and why is it necessary?

Cyber resilience refers to your ability to keep your organization’s data “healthy”. It is about upholding the integrity and accessibility of your data assets in the face of unceasing cyber threats. Cyber resilience includes the ability to repel a cyberattack and keep your business operational (and essential services available) during and after an attack. 

Acknowledging that cyber attacks are inevitable is foundational for building a cyber resilience strategy that integrates people, processes, and technology to proactively identify and classify all your organization’s data, detect and respond to threats, and recover from attacks.

Achieving resilience involves a spectrum of measures:

  • Implementing stringent security protocols (such as strong passwords and multi-factor authentication)

  • Educating employees on data security best practices

  • Establishing appropriate controls to prevent unauthorized alteration or deletion of data

  • Maintaining a thorough understanding of sensitive data's volume, location, and access permissions, because you cannot protect what you cannot see

Traditional cybersecurity approaches primarily focus on preventing cyberattacks. Yet, thousands of organizations continue to face a wave of attacks. In just the first quarter of 2025, the average number of cyber attacks per organization across the globe was 1,925 per week, which is 47% higher than the previous year (Source: Check Point).

Prevention alone is not enough. Once a cyber attack takes place, timely cyber recovery is the top priority for an impacted organization. Every minute of downtime and service disruption has direct financial and operational repercussions. Erosion of trust and reputational damage result from security breaches. Plus, substantial regulatory penalties and legal ramifications stem from non-compliance.

Adopting a cyber resilience strategy for your cloud data can help you proactively minimize the attack surface and successfully recover your business-critical data after an attack with less damage.


Challenges With Cyber Resilience in the Cloud

There are several challenges to keeping data in the cloud secure:

  • Shared responsibility model: Simply put, data accountability is owned by the cloud customer, not the cloud provider. This includes responsibility for handling data classification, encryption, access management, and data loss prevention.

  • Cloud misconfigurations: Cloud environments offer extensive flexibility and configuration options, which, if improperly set, can inadvertently expose sensitive data to unauthorized access. The most critical problem is when misconfigurations leave cloud storage buckets or databases publicly accessible or accessible to unintended parties. A common example is an Amazon S3 bucket, or its equivalent in other clouds, that has been set to "public" by mistake. This makes its contents available to anyone on the internet, including malicious actors, and can result in the leak of sensitive customer data, intellectual property, or financial records.

  • Identity and Access Management (IAM): Managing identities and access in the cloud is highly complex due to the constantly changing nature of cloud resources, user roles, and permissions. If identity and access management (IAM) is incorrectly configured, users, applications, or services may be granted excessive permissions, violating the principle of least privilege. For cloud storage, this means an attacker who compromises a single account or system with excessive privileges could gain access to, modify, or delete vast amounts of sensitive data they shouldn't have access to, leading to significant data loss or corruption. Since the cloud lacks any physical perimeters, identity has become the key to accessing cloud resources. Threat actors usually can’t inflict much damage without gaining privileged access to a system, so many of the attack methods they use are intended to exploit identity risk.
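The public-bucket misconfiguration described in the list above can be checked from an exported inventory of bucket settings. The following is an added example, not code from the original article or from any vendor product: a simplified Python check that flags buckets exposed through an ACL grant to the global S3 groups or through a wildcard-principal bucket policy, honoring the `IgnorePublicAcls` and `RestrictPublicBuckets` Block Public Access settings. The inventory record layout (`name`, `policy`, `acl_grants`, `public_access_block`), the bucket names, and the `vpce-EXAMPLE` value are assumptions constructed for illustration.

```python
import json

GLOBAL = "http://acs.amazonaws.com/groups/global/"  # prefix of the S3 ACL group URIs
PUBLIC_GROUPS = {GLOBAL + "AllUsers", GLOBAL + "AuthenticatedUsers"}

def aslist(value):
    return value if isinstance(value, list) else [value]

def is_wildcard(principal):
    """True when a policy Principal matches anyone: "*" or {"AWS": "*"}."""
    aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
    return "*" in aslist(aws)

def public_exposure(bucket):
    """Return the reasons a bucket is reachable by anyone (empty list if none)."""
    pab = bucket.get("public_access_block", {})
    findings = []
    if not pab.get("IgnorePublicAcls"):       # public ACL grants still apply
        for grant in bucket.get("acl_grants", []):
            if grant["Grantee"].get("URI") in PUBLIC_GROUPS:
                findings.append("acl:" + grant["Permission"])
    if not pab.get("RestrictPublicBuckets"):  # public policies still apply
        policy = json.loads(bucket.get("policy") or '{"Statement": []}')
        for stmt in aslist(policy["Statement"]):
            # Simplification: any Condition is treated as narrowing access.
            if (stmt.get("Effect") == "Allow" and not stmt.get("Condition")
                    and is_wildcard(stmt.get("Principal"))):
                findings.append("policy:" + ",".join(aslist(stmt["Action"])))
    return findings

def sample_policy(principal, **extra):
    """Build a constructed one-statement bucket policy as a JSON string."""
    stmt = {"Effect": "Allow", "Principal": principal, "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-bucket/*", **extra}
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})

# Constructed inventory: hypothetical bucket names, not real resources.
INVENTORY = [
    {"name": "marketing-site", "policy": sample_policy("*")},
    {"name": "legacy-logs", "public_access_block": {"IgnorePublicAcls": True},
     "acl_grants": [{"Grantee": {"URI": GLOBAL + "AllUsers"}, "Permission": "READ"}]},
    {"name": "vpc-only", "policy": sample_policy(
        {"AWS": "*"}, Condition={"StringEquals": {"aws:SourceVpce": "vpce-EXAMPLE"}})},
    {"name": "customer-exports", "acl_grants": [
        {"Grantee": {"URI": GLOBAL + "AuthenticatedUsers"}, "Permission": "WRITE"}]},
]

def scan(inventory=INVENTORY):
    return {b["name"]: f for b in inventory if (f := public_exposure(b))}
```

On the constructed inventory, only `marketing-site` (wildcard policy) and `customer-exports` (ACL grant to any authenticated AWS user) are reported; `legacy-logs` is neutralized by `IgnorePublicAcls` and `vpc-only` carries a restricting condition.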

Four Things to Look for in a Solution for Cyber Resilience for Cloud Data

To address the challenges of securing data stored in the cloud outlined above, look for cyber resilience technology solutions with these characteristics:

  1. Back up and classify your data: When a cyberattack hits, having confidence in your ability to restore data from a clean backup is paramount. It's crucial that your backup data remains untouched, not accidentally or maliciously modified or deleted by unauthorized users. A cyber resilience solution built on an immutable backup architecture can help by preventing your backup data from being affected by ransomware attacks, safeguarding what is often an organization's last line of defense. This immutability is critical for true cyber resilience and swift recovery. Beyond just backing up, you also need to maintain a continuously updated inventory of your data, classify all of it, and apply robust access controls.

  2. Detect cloud data storage misconfigurations: Cloud data storage misconfigurations—whether accidental or malicious, such as an open Amazon S3 bucket or unencrypted database—create serious vulnerabilities. To effectively detect and address these, deploy a cyber resilience solution featuring Data Security Posture Management (DSPM). DSPM continuously scrutinizes your cloud data for weaknesses and misconfigurations. It evaluates your sensitive data's security posture against established security policies and compliance mandates, pinpointing risks like publicly accessible data and unencrypted databases before they can be exploited.

  3. Proactively detect threats in data backups for rapid cyber recovery: Instead of focusing solely on detecting threats within your live production environment—which can become inaccessible during a cyberattack—consider proactively monitoring for threats directly within your cloud data backups. Embrace a cyber resilience solution that leverages your data backups as a primary line of defense. This kind of solution continuously scans your cloud data backups for known malware, using automated threat intelligence to stay ahead of emerging threats. Now your organization can quickly pinpoint specific threats and data anomalies, even if your production systems are compromised. This allows you to rapidly recover your data to a clean recovery point, significantly reducing downtime, cyber Recovery Time Objective (RTO), and the overall impact of a cyberattack.

  4. Address IAM risks with identity resilience: IAM misconfigurations can leave your organization vulnerable to attackers who exploit weaknesses in how users and services access your systems. To combat this, consider implementing a cyber resilience solution with robust identity resilience capabilities. This kind of solution actively monitors both human and non-human identity activity within your environment, looking for anything out of the ordinary. It's designed to spot deviations from normal behavior that could indicate a looming threat. Such deviations can include:

  • Stale credentials: For example, an account whose password hasn't been changed in over 90 days.

  • Unused privileges: A highly privileged account that sees infrequent use.

  • Dormant accounts: An account that’s been inactive for a year or more with no logins.

  • Anomalous behavior: Any unusual activity on an account or group that could make it easier for an attacker to gain access.

Attackers often leverage these weaknesses. For instance, they might exploit overly permissive access controls to download an unusually large volume of data from cloud storage, access sensitive resources they've never touched before, or attempt to elevate their privileges. By identifying these indicators of exposure (IOEs), an identity resilience solution can significantly mitigate data risks and prevent a small misconfiguration from turning into a major breach.
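The indicators of exposure listed above can be expressed as simple rules over identity records. The following is an added example, not code from the original article or from any vendor product: it applies the page's 90-day and one-year thresholds and compares each identity's activity against its own baseline. The record fields, the sample identities, and the `RARE_USE` and `VOLUME_FACTOR` thresholds are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from statistics import median

STALE_PASSWORD = timedelta(days=90)  # page: password unchanged for over 90 days
DORMANT = timedelta(days=365)        # page: inactive for a year or more
RARE_USE = timedelta(days=30)        # assumption: cut-off for "infrequent use"
VOLUME_FACTOR = 10                   # assumption: multiple of median daily bytes

def indicators(ident, now):
    """Return the indicators of exposure (IOEs) that apply to one identity."""
    found = []
    idle = now - (ident["last_login"] or ident["created"])
    if now - ident["password_changed"] > STALE_PASSWORD:
        found.append("stale_credentials")
    if idle >= DORMANT:
        found.append("dormant_account")
    elif ident["privileged"] and idle > RARE_USE:
        found.append("unused_privileges")
    # Anomalous behaviour: volume far above own baseline, or a never-seen resource.
    daily = ident["daily_bytes"]
    if daily and ident["bytes_today"] > VOLUME_FACTOR * median(daily):
        found.append("anomalous_volume")
    if set(ident["resources_today"]) - set(ident["known_resources"]):
        found.append("new_resource_access")
    return found

NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)  # fixed "current time" for the sample

def sample_identity(name, pw_age, login_age, privileged=False, daily=(), today=0,
                    known=(), touched=()):
    """Build one constructed identity record; ages are in days before NOW."""
    login = None if login_age is None else NOW - timedelta(days=login_age)
    return {"name": name, "created": NOW - timedelta(days=800), "last_login": login,
            "password_changed": NOW - timedelta(days=pw_age), "privileged": privileged,
            "daily_bytes": list(daily), "bytes_today": today,
            "known_resources": set(known), "resources_today": set(touched)}

# Constructed identities (human and non-human); hypothetical names, not real data.
IDENTITIES = [
    sample_identity("alice", 20, 1, daily=[5e6, 7e6, 6e6], today=6e6),
    sample_identity("svc-backup", 400, 2, privileged=True, daily=[1e9, 1e9], today=1.1e9),
    sample_identity("old-admin", 500, 420, privileged=True),
    sample_identity("dba-admin", 30, 120, privileged=True),
    sample_identity("bob", 10, 0, daily=[5e6, 4e6, 6e6], today=9e8,
                    known=["s3://eng"], touched=["s3://eng", "s3://finance"]),
]

def report(identities=IDENTITIES, now=NOW):
    return {i["name"]: f for i in identities if (f := indicators(i, now))}
```

An identity that has never logged in is measured from its creation date, so an account created long ago and never used is still reported as dormant.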

Keep in mind that technology solutions alone aren't enough. You and your cloud provider should regularly test your incident response and recovery plan. This proactive measure helps you identify and resolve any gaps in your data visibility and access controls before an actual cyber incident strikes, ensuring you're ready when it matters most.
