As organisations adopt SaaS, hybrid cloud, remote work and edge computing, infrastructure has become more distributed and less predictable. Nathan Charles, head of customer experience atย OryxAlign, suggests this shift is forcing organisations to rethink cybersecurity as part of infrastructure rather than a separate layer.
Organisations are already seeing the consequences of this shift towards distributed infrastructure. Research from Microsoft shows that cloud and hybrid incidents increased by 26 per cent in early 2025, with 18 per cent of intrusions originating from web-facing assets and 12 per cent from exposed remote services
Rather than breaching a defined perimeter, attackers are exploiting how systems are configured and accessed. As Microsoft notes, โcloud and hybrid architecture now directly influence operational resilienceโnot just IT security.โ Together, these trends show that the primary attack surface is no longer the network edge, but the architecture itself.
Security by design
The most immediate mistake organisations make today is treating cloud and infrastructure transformation as separate from security strategy. In practice, most modern breaches are not the result of advanced attacks bypassing controls. They originate from architectural inconsistency: identity systems that do not enforce a single trust model and privilege boundaries that degrade over time.
Frameworks promoted by the National Institute of Standards and Technology (NIST), such as zero trust, are often interpreted as tooling choices. In reality, they define how access is structured. As NIST states, โA zero trust architecture (ZTA) enables secure authorized access to enterprise resources that are distributed across on-premises and multiple cloud environments.โ
Organisations that fail to implement these controls early create environments where access paths compound over time, making risk difficult to trace, contain or unwind without structural redesign.
Operational accountability
As security becomes part of how infrastructure is built and managed, responsibility shifts with it. The traditional divide between IT operations and cybersecurity no longer holds, because risk is introduced through everyday decisions: how access is configured and how changes are applied.
Most issues do not stem from a single failure, but from decisions made during deployment and then repeated at scale. Access expands and configurations evolve, while new dependencies are added without consistent control. Over time, this creates environments where exposure is not always visible, but already embedded.
Infrastructure teams are now accountable for security outcomes, whether that responsibility is formally assigned or not. Uptime and security are directly tied to the same implementation choices. Environments that prioritise speed or flexibility without enforcing control will carry that risk as they grow.
Policy-as-code plays a central role in making this workable at scale. It allows controls to be defined once and applied consistently across environments, with enforcement built into provisioning and change processes. This keeps configuration standards and compliance requirements aligned as systems evolve.
Control over visibility
In distributed environments, visibility alone does not provide control. One of the most persistent misconceptions in modern cybersecurity is that visibility equates to security. In practice, seeing activity across systems does not constrain how those systems behave.
This is a direct consequence of how enterprise environments now operate. Hybrid work has become the dominant model across the EU, representing around 44 per cent of remote-capable roles, according to Eurofound. Users connect from unmanaged endpoints, workloads run across multiple cloud environments and identity becomes the primary control point between them.
In this model, visibility often arrives after the fact. Logs and alerts can highlight unusual behaviour, but they do not prevent over-scoped access or lateral movement. What matters is enforcement. Controls need to be applied consistently at the level of identity and access, where decisions are made. This is why architectures such as the secure access service edge (SASE) and integrated cloud security platforms are gaining traction: for their ability to enforce policy across distributed environments and constrain how systems interact.
The shift towards distributed infrastructure changes how security is managed. Risk is introduced through how systems are configured and maintained over time, making consistency of control essential. Organisations that embed this into infrastructure are better equipped to manage exposure as environments scale.
Visit www.oryxalign.com.
