Podcast series: The Security Strategist Guest: Doug Merritt, Chairperson, CEO, and President of Aviatrix Host: Shubhangi Dua, Podcast Host, Producer and B2B Tech Journalist at EM360Tech Cloud security now involves more than just protecting a single environment. As organisations grow across multiple clouds, integrate SaaS platforms, modernise applications, and deploy AI-driven workloads, the attack surface expands in complex ways that are hard to see and even harder to manage. In the recent episode of The Security Strategist podcast, Doug Merritt, Chairperson, CEO, and President of Aviatrix, a cloud network security company, sits down with Shubhangi Dua, Podcast Host, Producer and B2B Tech Journalist at EM360Tech. They discuss why gaps in cloud networking visibility are becoming one of the biggest security risks for businesses today. The conversation also covers how cloud complexity has changed over time, why old security models struggle to keep up, and what practical steps leaders can take to lower exposure before attackers exploit hidden pathways. Securing the World’s Digital FabricOn a mission to secure “the world’s digital fabric,” Merritt spotlights the reasons explaining that organisations often perceive cybersecurity through “constructs and silos.” However, attackers see the entire landscape, which leads to a gap in the perspective. Most enterprises started their cloud journey with lift-and-shift migrations, moving familiar applications from data centres to the cloud. Over time, these applications were modernised, broken into containerised services, and expanded with serverless functions, APIs, and third-party SaaS platforms. Merritt notes that applications today often involve "10 to 15 different major components from start to finish," many of which exist across different clouds or outside direct organisational control. This variety has brought speed and innovation, but it has also led to vastly different workload behaviours. Some workloads are long-lasting, others are temporary, and many can be accessed publicly. According to the Aviatrix CEO, this "really powerful landscape" has resulted in "an incredibly powerful attack surface." Without consistent visibility and remediation across all workloads, attackers can find "which workloads have value and which workloads are unprotected" and move laterally until they reach critical assets. AI adds additional challenges. While the technology seems new, he further emphasises that AI agents are still workloads with identities, operating at high speed and broad permission levels. They rely completely on network connectivity, making the network a crucial point for both visibility and control. In a hyper-connected environment, he argues, the network should be seen as a key security layer rather than just a transport system. How to Prepare for the Next Wave of Cloud ThreatsWhen asked what CIOs, CISOs, and cloud leaders should focus on next, Merritt alludes to a reality check. He urges leaders to choose a single complex application and ask their teams to identify every workload involved, every network path taken, and whether there is visibility into "every packet that goes into the workload and comes back out." In most cases, he says, organisations find that they cannot do this. This gap reveals the first and most urgent issue: a lack of understanding of the environment itself. Without a clear map of workloads and communication paths, security teams operate with blind spots. The Chairperson of Aviatrix insists that visibility must come before control. Once organisations understand their exposure, they can prioritise the "most dangerous communication pathways" and secure them. He warns that many large enterprises still have "thousands of workloads with direct internet connections and no filter in front," describing this exposure as "horrific," given how easily even less sophisticated attackers could exploit it. He also points out that visibility and enforcement must be close to the workload. Centralised controls increase costs and latency, while distributed enforcement allows for faster response and containment. Ultimately, just observing traffic isn't enough; organisations need to be able to act. Cloud security isn’t about adding more tools; it’s about changing perspective. By mapping workloads, understanding communication paths, and using the network as a consistent layer for visibility and enforcement, organisations can reduce lateral movement, limit blast radius, and prepare more effectively for the next generation of cloud threats. TakeawaysOrganisations need to focus on the uncovered attack surface.The digital fabric includes diverse workloads across multiple clouds.Visibility and remediation are critical in managing workloads.The complexity of multi-cloud environments is increasing.AI is accelerating the evolution of cloud security challenges.Networking plays a pivotal role in security strategies.Collaboration between security, networking, and cloud teams is essential.Mapping workloads and communication pathways is crucial for security.Organisations must prioritise securing high-risk workloads.Understanding the shared responsibility model is vital for cloud security. Chapters00:00 Introduction to Cloud Security Challenges03:03 Understanding the Digital Fabric05:56 Navigating the Modern Attack Surface08:46 Key Trends in Cloud Adoption12:11 The Complexity of Multi-Cloud Environments14:51 The Evolving Role of Networking in Security17:58 Bridging the Gap Between Teams21:02 Real-World Solutions and Case Studies23:53 Preparing for Future Threats29:09 Final Thoughts and Key Takeaways #CloudSecurity #MultiCloud #CloudNetworking #Aviatrix #CISO #AttackSurface #CloudThreats #EnterpriseSecurity #TechPodcast #SecurityStrategist #DigitalFabric #AIinSecurity #WorkloadSecurity For more information, visit aviatrix.ai and em360tech.com. Follow: @EM360Tech on YouTube, LinkedIn and X Aviatrix YT: @AviatrixSystems Aviatrix LinkedIn: https://www.linkedin.com/company/aviatrix-systems/
