INFO News SC Media

The hidden risk in hybrid IT: Fragmented vulnerability management

This article describes a systemic risk in hybrid IT environments where fragmented visibility and control across cloud, on-premises, and SaaS systems create security gaps, with misconfigurations and overly permissive access rivaling unpatched vulnerabilities as primary attack vectors. It highlights that the dynamic, automated nature of cloud environments and the introduction of AI/LLMs, which expand exposure to issues like prompt injection and data leakage, exacerbate these challenges. The article recommends mitigating these risks by moving beyond traditional scanning to incorporate secure architectural patterns, enforce granular access controls, and implement AI-specific safeguards tailored to production behavior.

May 7, 2026
By Srikant Sreenivasan

COMMENTARY: Hybrid IT environments are now a baseline operating model. Most enterprises span public cloud, private infrastructure, SaaS applications, containerized workloads, and legacy on-prem systems simultaneously. While this distribution improves agility and scalability, it also fragments visibility and control, creating attack surfaces that traditional vulnerability management approaches were not designed to address.

At the same time, the adoption of large language models (LLMs) introduces an additional layer of risk beyond conventional software security frameworks. Unlike deterministic applications, LLMs dynamically interact with unstructured data, user inputs, and external systems, expanding exposure to issues such as prompt injection, data leakage, and unintended system actions.

Securing hybrid IT environments demands a specific focus on cloud vulnerability management, an essential defense as enterprises merge cloud and on-premises systems, multiplying both opportunity and hidden risks.

Mitigating these risks requires extending security beyond traditional scanning and patching. Organizations need to incorporate secure architectural patterns, enforce policy and access controls at the data and model layers, and implement AI-specific safeguards that account for how these systems behave in production environments.

As organizations expand across dynamic environments, cloud-focused vulnerability management has become a foundational control for reducing hidden risk. Many cloud incidents stem from misconfiguration. Unlike legacy infrastructure, cloud environments are highly automated and constantly changing; provisioning and modifying APIs, workloads, and identity roles happen quickly, requiring security oversight to keep pace with deployment speed.

Overly permissive roles, exposed storage, and insecure APIs can persist unnoticed, especially when responsibility is split across teams and platforms in hybrid environments. Misconfiguration now rivals unpatched vulnerabilities as a top risk.

Hybrid complexity creates visibility gaps

Hybrid environments introduce structural challenges that increase risk. Organizations often rely on separate consoles and dashboards across multiple cloud providers and on-premises systems, making it difficult to maintain a unified view of their security posture. At the same time, inconsistent severity scoring and risk metrics across tools and platforms create confusion about which issues require the most urgent attention.

Ownership is often fragmented, with responsibility split among infrastructure, cloud, DevOps, and security teams. This division can slow response times and complicate coordination when vulnerabilities are discovered. As a result, remediation workflows often become disconnected, with no clear path from detection to resolution.

Without centralized visibility, security teams struggle to answer basic operational questions: What assets actually exist? Which ones are exposed to the internet? Who is responsible for them? And which vulnerabilities are truly exploitable? Attackers, meanwhile, actively look for these kinds of blind spots, exploiting the gaps that fragmented environments inevitably create.

Legacy vulnerability management programs were built for static assets — servers, endpoints, and network devices with predictable lifecycles. Cloud environments break that model. Modern vulnerability management in hybrid environments must include:

Continuous Asset Discovery — Security teams cannot protect what they cannot see. Cloud resources may exist for hours or minutes before being terminated. Continuous discovery ensures ephemeral workloads are included in risk assessments.

Configuration and Identity Monitoring — In cloud environments, identity is often the perimeter. Monitoring access policies, privilege assignments, and configuration drift is as critical as tracking software vulnerabilities.

Contextual Risk Prioritization — Raw vulnerability counts are no longer useful. Effective programs evaluate exploitability, asset criticality, business impact, and exposure pathways to prioritize remediation efforts that materially reduce risk.

Understanding Shared Responsibility — Cloud security operates under a shared responsibility model: providers secure the infrastructure; customers secure what they deploy and configure. Confusion around this division of responsibility remains a significant risk factor. Organizations sometimes assume built-in provider controls fully mitigate threats, overlooking the need to validate configurations, monitor identity permissions, and maintain visibility into application-level risk.

Cloud and on-premises environments introduce different types of security risks, reflecting the way each infrastructure model operates. On-premises systems are often vulnerable to unpatched software and exposed network services, where outdated systems or open ports can serve as entry points for attackers. In contrast, cloud environments more commonly experience issues related to identity mismanagement, configuration errors, and overly permissive access controls.
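
Added example (not part of the original article): one way to put findings from an on-premises scanner and a cloud posture tool onto a single severity scale, rank them by context, and answer the operational questions above (what exists, what is exposed, who owns it, what is exploitable). All data is constructed; the field names, the label-to-score mapping and the weights are assumptions chosen for illustration.

```python
# Added example: constructed data; field names, weights and label mapping are assumptions.
from dataclasses import dataclass
from typing import Optional

LABEL_TO_SCORE = {"LOW": 2.5, "MEDIUM": 5.0, "HIGH": 7.5, "CRITICAL": 9.5}

# Constructed inventory: one record per known asset, whatever platform it runs on.
INVENTORY = {
    "db-onprem-01": {"exposed": False, "criticality": 2, "owner": "infra"},
    "bucket-logs": {"exposed": True, "criticality": 3, "owner": "cloud"},
    "role-ci": {"exposed": True, "criticality": 3, "owner": None},
    "kiosk-07": {"exposed": False, "criticality": 1, "owner": "infra"},
}
# Constructed findings from two tools that report severity on different scales.
SCANNER = [  # on-premises scanner: numeric 0-10
    {"asset": "db-onprem-01", "issue": "unpatched service", "score": 9.8, "exploitable": False},
    {"asset": "kiosk-07", "issue": "open port", "score": 5.3, "exploitable": False},
]
POSTURE = [  # cloud posture tool: text labels
    {"asset": "bucket-logs", "issue": "exposed storage", "level": "HIGH", "exploitable": True},
    {"asset": "role-ci", "issue": "overly permissive role", "level": "MEDIUM", "exploitable": True},
    {"asset": "vm-ephemeral-x", "issue": "insecure API", "level": "LOW", "exploitable": False},
]

@dataclass
class Finding:
    asset: str
    issue: str
    severity: float       # normalized to 0-10
    risk: float           # severity weighted by context
    owner: Optional[str]  # None means nobody is assigned to remediate
    inventoried: bool     # False means discovery missed this asset

def unify(scanner, posture, inventory):
    """Merge both feeds onto one scale and rank by contextual risk."""
    raw = [(f, f["score"]) for f in scanner]
    raw += [(f, LABEL_TO_SCORE[f["level"]]) for f in posture]
    ranked = []
    for f, sev in raw:
        ctx = inventory.get(f["asset"])
        known = ctx is not None
        if not known:  # unknown asset: assume the worst until it is inventoried
            ctx = {"exposed": True, "criticality": 3, "owner": None}
        risk = sev * (1.5 if ctx["exposed"] else 1.0)
        risk *= (1.5 if f["exploitable"] else 1.0) * ctx["criticality"] / 3
        ranked.append(Finding(f["asset"], f["issue"], sev, round(risk, 2), ctx["owner"], known))
    return sorted(ranked, key=lambda x: x.risk, reverse=True)

def gaps(findings):
    """Assets with no remediation owner, and assets missing from the inventory."""
    return ([f.asset for f in findings if f.owner is None],
            [f.asset for f in findings if not f.inventoried])
```

With this constructed data the internet-exposed storage and the permissive role outrank the internal database that carries the highest raw score, and gaps() reports the unowned role and the workload that never reached the inventory.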

The growing reliance on APIs and automation has also expanded the attack surface in ways that traditional network security models did not anticipate. As more infrastructure is defined and managed through code, risk increasingly arises from policy misconfigurations rather than missing software patches. A single configuration mistake can unintentionally expose resources or grant excessive access across an entire environment.

To reduce hidden risk in hybrid environments, organizations should focus on a unified risk view. Key recommendations include centralizing vulnerability and configuration data, applying consistent severity scoring, and assigning remediation ownership. This approach streamlines risk prioritization, speeds remediation, and improves compliance reporting.

Without this kind of consolidation, security teams are forced to operate in silos across different platforms and tools. Those silos create visibility gaps, and those gaps create opportunities for attackers.

Regulatory frameworks increasingly require demonstrable vulnerability management, configuration validation, and documented remediation processes. Organizations that implement continuous discovery, contextual prioritization, and automated reporting not only reduce breach likelihood — they also simplify audit preparation and improve executive reporting. Security, maturity, and compliance readiness are closely linked outcomes.

Building a resilient hybrid security strategy

Building a resilient security strategy for hybrid environments requires organizations to rethink how they manage risk across both cloud and on-premises systems. A foundational step is to automate asset discovery so that security teams can maintain an accurate, continuously updated inventory of infrastructure, applications, and services. At the same time, organizations must continuously monitor configuration settings and identity posture to detect misconfigurations, excessive permissions, or policy drift before they become exploitable vulnerabilities.

Effective strategies also prioritize vulnerabilities based on real-world exploitability rather than treating every alert with the same level of urgency. Establishing clear remediation ownership and defined workflows ensures that identified issues move quickly from detection to resolution. Aligning vulnerability management metrics with broader business risk helps leadership understand which exposures pose the greatest threat to operations, revenue, or compliance obligations.

Hybrid infrastructure itself is not inherently insecure. As cloud adoption continues to expand, vulnerability management must evolve from periodic scanning to continuous, context-aware risk management. Organizations that make this shift will be far better positioned to reduce hidden risk and strengthen resilience in an increasingly complex technology landscape.

Srikant Sreenivasan is president of ConnectSecure and is a senior business leader and co-founder of multiple software startups, most of which are focused on solving MSP challenges. In addition to his entrepreneurial record, Sri has held business management positions at Arthur Andersen Consulting, KPMG, Microsoft, and Cisco. Along with Shiva Shankar, he co-founded HashInclude, a technology innovation and incubator company that has spawned multiple software solutions for the IT industry. Most recently, Sri was a co-founder and President of CyberCNS, the predecessor to ConnectSecure.
