Podcast series: The Security Strategist

Guest: Doug Merritt, Chairperson, CEO, and President of Aviatrix

Host: Shubhangi Dua, Podcast Host, Producer and B2B Tech Journalist at EM360Tech

Cloud security now involves more than just protecting a single environment. As organisations grow across multiple clouds, integrate SaaS platforms, modernise applications, and deploy AI-driven workloads, the attack surface expands in complex ways that are hard to see and even harder to manage. 

In the recent episode of The Security Strategist podcast, Doug Merritt, Chairperson, CEO, and President of Aviatrix, a cloud network security company, sits down with Shubhangi Dua, Podcast Host, Producer and B2B Tech Journalist at EM360Tech. They discuss why gaps in cloud networking visibility are becoming one of the biggest security risks for businesses today.

The conversation also covers how cloud complexity has changed over time, why old security models struggle to keep up, and what practical steps leaders can take to lower exposure before attackers exploit hidden pathways.

Securing the World’s Digital Fabric

On a mission to secure “the world’s digital fabric,” Merritt spotlights the reasons explaining that organisations often perceive cybersecurity through “constructs and silos.” However, attackers see the entire landscape, which leads to a gap in the perspective.

Most enterprises started their cloud journey with lift-and-shift migrations, moving familiar applications from data centres to the cloud. Over time, these applications were modernised, broken into containerised services, and expanded with serverless functions, APIs, and third-party SaaS platforms. 

Merritt notes that applications today often involve "10 to 15 different major components from start to finish," many of which exist across different clouds or outside direct organisational control.

This variety has brought speed and innovation, but it has also led to vastly different workload behaviours. Some workloads are long-lasting, others are temporary, and many can be accessed publicly. 

According to the Aviatrix CEO, this "really powerful landscape" has resulted in "an incredibly powerful attack surface." Without consistent visibility and remediation across all workloads, attackers can find "which workloads have value and which workloads are unprotected" and move laterally until they reach critical assets.

AI adds additional challenges. While the technology seems new, he further emphasises that AI agents are still workloads with identities, operating at high speed and broad permission levels. They rely completely on network connectivity, making the network a crucial point for both visibility and control. In a hyper-connected environment, he argues, the network should be seen as a key security layer rather than just a transport system.

How to Prepare for the Next Wave of Cloud Threats

When asked what CIOs, CISOs, and cloud leaders should focus on next, Merritt alludes to a reality check. He urges leaders to choose a single complex application and ask their teams to identify every workload involved, every network path taken, and whether there is visibility into "every packet that goes into the workload and comes back out."

In most cases, he says, organisations find that they cannot do this. This gap reveals the first and most urgent issue: a lack of understanding of the environment itself. Without a clear map of workloads and communication paths, security teams operate with blind spots.

The Chairperson of Aviatrix insists that visibility must come before control. Once organisations understand their exposure, they can prioritise the "most dangerous communication pathways" and secure them. He warns that many large enterprises still have "thousands of workloads with direct internet connections and no filter in front," describing this exposure as "horrific," given how easily even less sophisticated attackers could exploit it.

Are you enjoying the content so far?

He also points out that visibility and enforcement must be close to the workload. Centralised controls increase costs and latency, while distributed enforcement allows for faster response and containment. Ultimately, just observing traffic isn't enough; organisations need to be able to act.

Cloud security isn’t about adding more tools; it’s about changing perspective. By mapping workloads, understanding communication paths, and using the network as a consistent layer for visibility and enforcement, organisations can reduce lateral movement, limit blast radius, and prepare more effectively for the next generation of cloud threats.

Takeaways

  • Organisations need to focus on the uncovered attack surface.
  • The digital fabric includes diverse workloads across multiple clouds.
  • Visibility and remediation are critical in managing workloads.
  • The complexity of multi-cloud environments is increasing.
  • AI is accelerating the evolution of cloud security challenges.
  • Networking plays a pivotal role in security strategies.
  • Collaboration between security, networking, and cloud teams is essential.
  • Mapping workloads and communication pathways is crucial for security.
  • Organisations must prioritise securing high-risk workloads.
  • Understanding the shared responsibility model is vital for cloud security.

Chapters

  • 00:00 Introduction to Cloud Security Challenges
  • 03:03 Understanding the Digital Fabric
  • 05:56 Navigating the Modern Attack Surface
  • 08:46 Key Trends in Cloud Adoption
  • 12:11 The Complexity of Multi-Cloud Environments
  • 14:51 The Evolving Role of Networking in Security
  • 17:58 Bridging the Gap Between Teams
  • 21:02 Real-World Solutions and Case Studies
  • 23:53 Preparing for Future Threats
  • 29:09 Final Thoughts and Key Takeaways

#CloudSecurity #MultiCloud #CloudNetworking #Aviatrix #CISO #AttackSurface #CloudThreats #EnterpriseSecurity #TechPodcast #SecurityStrategist #DigitalFabric #AIinSecurity #WorkloadSecurity

For more information, visit aviatrix.ai and em360tech.com

Follow: @EM360Tech on YouTube, LinkedIn and X

Aviatrix YT: @AviatrixSystems

Aviatrix LinkedIn: https://www.linkedin.com/company/aviatrix-systems/