Cloud security gaps persist as adoption accelerates, warns industry expert

Cloud security gaps persist as adoption accelerates, warns industry expert

Johannesburg, South Africa – 20 April 2026 - As organisations continue to accelerate their migration to cloud environments, significant security risks remain, largely driven by misconfigurations, human error, and the growing complexity of modern cloud architectures.

This is according to Benjamin Coetzer, Director at evoila Africa and formerly known as Routed, who notes that while cloud adoption has matured, security strategies have not kept pace.

“Cloud security operates on a shared responsibility model, yet many organisations still misunderstand where their responsibilities begin and end,” says Coetzer. “While providers secure the underlying infrastructure, customers are accountable for everything above that – including identity and access management, encryption, patching, and data protection.”

He explains that this shared responsibility model often leads to critical gaps, particularly where organisations lack the internal expertise or fail to implement proper governance and monitoring frameworks. This aligns with broader industry observations that cloud environments demand a clear understanding of roles, especially around data protection and access control.

Human error remains the biggest threat

Despite advances in cloud-native security tools, Coetzer highlights that human error continues to be the leading cause of cloud security breaches. Misconfigured storage buckets, weak identity and access management (IAM) policies, and insufficient monitoring are among the most common vulnerabilities.

“Organisations are still struggling with basic visibility. Without proper logging, monitoring, and SIEM capabilities, it becomes impossible to detect and respond to threats effectively,” he says.

Additional risks include malicious insiders, supply chain vulnerabilities, and compliance challenges related to data sovereignty and international regulations.

Security strategies lag behind innovation

While cloud adoption is accelerating, Coetzer believes that security approaches are failing to keep pace with the rapid evolution of cloud technologies.

“The rise of AI, machine learning, containers, serverless computing, and multi-cloud strategies is introducing new attack vectors faster than organisations can secure them,” he explains. “At the same time, attackers are leveraging automation and AI to scale their efforts, widening the gap even further.”

He adds that many organisations still treat security as an afterthought, rather than embedding it into development processes through practices such as DevSecOps and shift-left security.

Public cloud introduces new risk layers

According to Coetzer, the public cloud presents a range of risks that organisations must actively manage. These include misconfigurations, gaps in shared responsibility, expanded attack surfaces, data breaches, third-party dependencies, and regulatory exposure.

These concerns echo broader industry trends, where businesses are increasingly scrutinising public cloud environments for issues such as compliance complexity, security exposure, and operational risk.

Complexity increases across cloud models

The complexity of managing security increases significantly across different cloud service models.

“In Infrastructure as a Service (IaaS), organisations have maximum control, but that also means maximum responsibility,” says Coetzer. “They are responsible for everything from operating systems to network configurations, which increases the risk of misconfiguration.”

By contrast, Platform as a Service (PaaS) abstracts much of the underlying infrastructure, enabling faster development but introducing new blind spots.

“PaaS environments shift risk to the application layer,” he explains. “Issues such as insecure code, exposed APIs, and vulnerable dependencies become the primary attack vectors, particularly in environments using containers and serverless workloads.”

A call for proactive security

Coetzer concludes that closing the cloud security gap will require a fundamental shift in how organisations approach security.

“Security cannot be bolted on after deployment. It needs to be embedded into every layer of the cloud journey – from architecture and development to operations and governance,” he says. “As cloud environments become more complex, the organisations that succeed will be those that prioritise visibility, accountability, and proactive security practices from the outset.”

ENDS

About Routed / evoila Africa

evoila Africa, previously known as Routed, is a division of evoila, a global technology company specialising in the design, deployment and operation of cloud infrastructure. evoila Africa is a pinnacle Broadcom VMware Cloud Service Provider focused on platform engineering for secure, multi-tenanted and private cloud environments.

The company partners with cloud service providers, channel partners and enterprises to deliver VMware Cloud platforms that enable organisations to scale infrastructure, innovate faster and meet evolving regulatory and operational requirements.

For more information

Samantha Hogg-Brandjes | GinjaNinja | +27844584857 | This email address is being protected from spambots. You need JavaScript enabled to view it.