Roberto Popolizio
Published on: April 27, 2025
In 2024, 80% of companies reported at least one cloud security incident.
One reason is that, despite the surge in multicloud, 14% of organizations still operate on only one cloud service provider, creating a single point of failure. A risky gamble that can cost businesses up to $4.88 million on average.
In this exclusive interview with Safety Detectives, Tim Timrawi, Founder and CEO of Sharktech, explains why overreliance on hyperscalers like AWS and Azure creates hidden vulnerabilities, and why real resilience requires independent backups, third-party monitoring, and diversified architecture. He then outlines some practical steps any business should immediately apply to improve their security infrastructure.
If you want to better understand how safe your cloud setup REALLY is, and how to build true resilience, this is for you.
What’s the most urgent yet overlooked cybersecurity problem in your industry? What makes it so dangerous?
Businesses rely way too much on a single hyperscaler for critical infrastructure and data storage, presuming that big cloud providers are invulnerable because of their size and resources. By now, there’s a plethora of breaches proving that this is a dangerous illusion.
When you trust everything to one provider, a single misconfiguration, vulnerability, or insider threat can expose your entire operation.
Can you remember the moment you realized the severity of this issue? What happened and what was the damage?
The Microsoft Azure BlueBleed leak in 2022 was a major wake-up call. Due to a simple misconfiguration in Azure Blob Storage, over 2.4 TB of sensitive customer data was exposed, affecting more than 65,000 businesses. It shattered the assumption that enterprises can “trust the platform by default.”
After this breach, businesses accelerated their adoption of hybrid cloud solutions, looking for private systems with multiple layers of protection to avoid single points of failure.
Why do you think this problem persists across the industry? Is it a lack of education, bad incentives, vendor apathy? Or is anyone profiting when this stays hidden?
Partly it’s due to the big cloud’s pervasive marketing. Ask a random person what “cloud” means, and they’ll likely say “AWS.” People are often unaware of the alternatives and like the promise of “set it and forget it”.
There’s also a strong psychological bias: if a giant like Amazon or Microsoft is running your infrastructure, it feels safer, even when that’s not necessarily true. Meanwhile, building true multi-cloud or layered defenses seems complex and intimidating, so most companies just avoid it.
What are the most common BAD tips or myths you’ve seen people follow around this issue, and why? What does reality look like and what should they do instead?
One dangerous myth is: “If my data is in the cloud, it’s automatically secure.” In reality, no single system is perfectly reliable. Even the cloud itself. That’s why airplanes have so many redundancies. One system may fail, but others kick in. Security works the same way.
Another bad tip is: “We can just rely on one provider’s native security tools,” and it’s unfortunately very common.
In fact, a recent Forrester prediction indicates that by the end of 2025, up to 60% of cloud customers will continue to rely solely on their hyperscaler’s native cloud security. This shows how prominent this tendency is to feel safer when security is “built in” by a major provider rather than sourced from specialized third parties.
And if the breach comes from inside your provider? Native tools may be blind to it.
Businesses need layered defenses: third-party monitoring, independent backups, separate key management, and ideally, a mix of private and public cloud systems.
If someone wants to avoid this problem, what should they start (or stop) doing today? What are the minimum effective steps people can take?
Start by assuming your cloud provider will get breached at some point. Build your architecture around that assumption:
- Encrypt sensitive data independently of cloud-native encryption.
- Implement third-party auditing and monitoring tools.
- Maintain independent backups stored separately.
- Use different vendors for firewalls and critical systems.
- Conduct regular configuration and credential audits.
Don’t think of the Public Cloud as a secure vault — it’s not.
What role should providers and IT partners play in solving this? Are they helping or making things worse?
Providers and partners need to be honest about risks and stop implying that cloud security is automatic. Good IT partners educate clients, design architectures that assume breaches are possible, and build in third-party safeguards.
Bad partners, however, downplay risks just to close deals or resell hyperscaler services without adding any protection. Unfortunately, that’s still far too common.
To wrap up, if there was one key takeaway you wish people could bring home from this conversation, what would it be?
Don’t bet your business on one provider’s security. Layer up, diversify, and verify.
Want a second opinion on your cloud security?
Reach out to sales@sharktech.net.
They can review your infrastructure and help you design smarter, more resilient cloud architectures. (No strings attached).