Enterprises pushing deeper into hybrid and multi-cloud operations face a new kind of risk: one rooted not in technology gaps, but in misplaced confidence. Many organisations still manage cloud infrastructure with assumptions built for on-premises environments, leaving visibility fragmented and attacks harder to contain.
Shane Buckley, President and Chief Executive Officer of Gigamon, observes that this blind spot has only widened with the rise of AI. In this interview with Frontier Enterprise, he discusses how entrenched assumptions about cloud management have created visibility gaps that make hybrid environments harder to secure.
Which visibility gaps in hybrid and multi-cloud set-ups cost enterprises the most?
For many organisations building cloud security maturity, the reality is that they often feel more confident managing on-premises environments, where processes, controls, and visibility are more established. By contrast, hybrid and multi-cloud infrastructure introduces gaps that can prove costly, not only from a security standpoint, but also operationally and financially.
One of the biggest oversights is the runaway cost of cloud complexity. Large-scale AI workloads, massive data volumes, and high ingress and egress fees are prompting many CISOs to reconsider where their most sensitive workloads should be hosted. The guiding principle remains the same: protect the data, wherever it resides. That means placing workloads in environments where visibility, governance, and access control are strongest.
Another costly gap stems from tool sprawl. In 2024, sprawling tool stacks ranked among the top five CISO concerns globally, reflecting the inefficiency and fragmentation caused by redundant or underutilised security tools. When visibility is fractured across silos, it weakens the defence-in-depth strategy it was meant to reinforce. This creates openings that attackers can exploit and drives up both risk and cost.
How is AI reshaping ransomware tactics and scale in APAC?
In two ways that should concern every enterprise leader: AI has lowered the barrier to entry and dramatically accelerated campaign velocity.
We’re seeing faster social-engineering cycles, better-written phishing, and quicker post-exploitation decision-making. Where threat actors once needed deep programming skills to build and launch campaigns, they can now rely on AI-driven tools such as WormGPT, which can bypass voice and even biometric authentication safeguards. This means that relying on traditional hygiene measures, such as two-factor authentication, is no longer sufficient in the AI era. Combined with the growth of ransomware as a service, ransomware has effectively become a turnkey operation. By “democratising” cybercrime, AI expands the pool of would-be attackers while making campaigns more convincing and harder to defend against.
The Gigamon 2025 Hybrid Cloud Security Survey found that 57% of Singaporean respondents reported an increase in ransomware attacks powered by AI. Alarmingly, 96% of organisations that experienced such attacks ended up paying the ransom, underscoring the growing pressure on businesses. The introduction of AI into this ecosystem has become a force multiplier, driving more attackers, more campaigns, and faster breakout times.
What’s the biggest mistake when moving sensitive workloads to the cloud?
One of the most common missteps enterprises make when shifting sensitive workloads to the cloud is assuming that perimeter-based security still protects them, and misunderstanding the shared responsibility model. Many first-time cloud migrations rely too heavily on provider defaults and logs, while underinvesting in areas such as network monitoring, identity-to-network enforcement, and continuous posture assessment. Treating the cloud as a black box creates critical blind spots. Research continues to show that misconfigurations and misuse remain central to cloud incidents, and when combined with compromised credentials, the results can be severe.
Another common challenge is ensuring that board leaders, security teams, and operational teams are educated on cloud security best practices, while also fostering stronger collaboration across network, security, and development operations. Evaluating how to monitor and analyse data effectively is a critical step that all security and IT leaders must take to maintain data integrity.
Where do regulated industries lose the most time in incident investigations?
Two areas stand out: assembling evidence spread across siloed tools and environments, and correlating data from multiple systems to reconstruct an accurate incident timeline. Research shows that costs and investigation timelines are especially high in finance and healthcare, where heavy regulation and complex hybrid and multi-cloud environments make every minute of downtime or uncertainty more expensive.
How should enterprises redesign networks for hybrid-cloud attacks?
Enterprises need to rethink network architecture by moving away from perimeter-centric models and treating hybrid environments as a single, unified attack surface. The mindset shift is to assume compromise everywhere and design security around verification rather than trust. This is where a zero-trust architecture comes in, not as a technical add-on, but as an organisation-wide operating model. Implementing zero trust requires C-suite commitment as much as technical execution, because success depends on changing culture and process alongside technology.
Planning should bring together network, security, and development operations teams to strengthen visibility and enforce identity- and application-aware segmentation consistently across both on-premises and cloud environments. Native cloud mirroring extends traffic inspection into VPCs and VNets so that cloud workloads can be governed with the same level of control as traditional data centres.
Enterprises should also review how their monitoring and security tools interoperate, ensuring data from different layers of the environment can be correlated effectively. Consolidating telemetry from networks and applications helps reduce redundant tools and improve enforcement of zero-trust principles across hybrid infrastructure, turning architectural complexity into a source of resilience.
If you could eliminate one outdated security practice that’s still common in APAC, what would it be?
Allowing encrypted traffic to flow uninspected because it’s considered too difficult or costly remains one of the most dangerous practices across enterprises. Our research found that 39% of Singaporean respondents have yet to address decryption, citing concerns over time and expense. Yet, the majority of modern attacks, including ransomware and data exfiltration, now hide within Transport Layer Security and other encrypted channels. Ignoring these flows leaves critical gaps in defence.
This risk is compounded by other outdated practices, such as continued reliance on static, shared passwords, which contribute to credential theft and identity-based attacks that are increasingly difficult to detect — even as organisations adopt more modern approaches like zero-trust and passwordless solutions.