Why preemptive, AI-driven security must be wired into the economic fabric of the cloud
When multicloud kills the perimeter
For years, many cloud security strategies assumed that a strong perimeter, layered with monitoring and incident response, would be enough. That assumption is collapsing under the weight of multicloud. Data, APIs and AI workloads now span multiple providers, SaaS platforms, edge sites and IoT devices. The notion of a single “inside” and “outside” has been replaced by a mesh of shifting trust relationships and dynamic connections.
In 2025, security analysts are sounding the alarm that traditional detect-and-respond alone cannot keep pace. Gartner now predicts that preemptive cybersecurity capabilities will account for around half of all IT security spending by 2030, up from less than five percent in 2024, as organizations replace standalone detection and response tools with technologies that prevent attacks from executing in the first place (Gartner).
At the same time, multicloud environments are proving hard to secure consistently. A 2025 multicloud security survey from SANS highlights the challenges of managing policies, identities, and telemetry across multiple cloud providers at scale, especially when each platform exposes slightly different controls and logs (SANS Institute). Organizations that rely on manual processes and disconnected tools are seeing gaps emerge between their stated policies and what is actually deployed in production.
For Technology Business Management (TBM) leaders, this is not just a technical risk; it is a financial and governance problem. Cloud security incidents drive direct costs, regulatory penalties and lost revenue. Misconfigured access rules, unmanaged data flows between regions and overly permissive interconnects are often revealed only after the fact, when the bill or the breach notification arrives. The next phase of multicloud networking will be defined by how effectively enterprises embed preemptive, zero-trust security into their cloud fabrics and how tightly those controls are governed through TBM.
From detect-and-respond to deny, deceive, and disrupt
Preemptive cybersecurity is more than “better prevention.” Gartner defines it as a class of capabilities that deny, deceive, and disrupt attackers before they can execute their goals, shifting the focus away from simply detecting compromises and cleaning up after them (Gartner).
In a multicloud networking context, this manifests in several ways. First, organizations use continuous attack surface mapping tools that automatically discover public and private endpoints, APIs, and data paths across all clouds and edge sites, then correlate them with business services and owners. Second, AI-driven analytics predict which exposed paths are most likely to be targeted, based on threat intelligence and observed behavior, and automatically tighten controls or insert decoys. Third, security controls are deployed as close as possible to the assets they protect, leveraging cloud-native microsegmentation, service meshes, and identity-aware proxies rather than relying on a few central choke points.
Industry commentary underscores why this is becoming non-negotiable. Essays tracking the rise of preemptive cybersecurity argue that the era of pure detect-and-respond is effectively over, pointing out that attackers now automate reconnaissance and exploitation at a speed that overwhelms human-centric workflows (Relyance AI). The only sustainable strategy is to design systems that are hard to exploit by default and that actively frustrate attackers as they probe.
TBM plays a critical role in deciding where to deploy preemptive controls and how aggressively to tune them. The most effective preemptive measures often consume additional compute, network bandwidth or licensing. Without a clear financial perspective, organizations risk either over-securing low-value assets or leaving high-value, high-risk data flows under-protected because the costs of stronger controls were never correctly modeled.
Zero trust for a world without borders
Zero trust has become the dominant conceptual model for modern security. NIST’s Special Publication 800-207 defines zero trust as a set of paradigms that shift defenses from static network-based perimeters toward a focus on users, assets, and resources, enforcing continuous verification and strict access control in line with least-privilege principles (NIST Publications).
In single-cloud environments, many organizations have made significant progress toward zero trust, leveraging identity-aware proxies, granular role-based access controls, and microsegmentation. But as the Cloud Security Alliance notes, multicloud, AI-driven threats, and complex supply chains are pushing zero trust to its limits. Simply applying the same pattern in each cloud is not enough when identities, policies, and telemetry are fragmented across providers (Cloud Security Alliance).
For multicloud networking, a proper zero-trust strategy in 2026 will need to do three things well.
It must unify identity and access across clouds, so that users, services, and devices are governed consistently regardless of which provider hosts a given workload. This often means decoupling identity from individual clouds and using independent identity and policy engines that can speak to each platform.
It must extend microsegmentation and least privilege to the network plane that spans clouds, not just to workloads within a single provider. That includes fine-grained policies for east–west traffic between regions and clouds, as well as strict controls on management and observability endpoints.
It must maintain continuous visibility into trust decisions and their outcomes, feeding both security operations and TBM. This includes making sure that every policy decision can be traced back to a business context, such as a product line, regulatory obligation or customer contract.
A recent guide on achieving zero trust with multicloud identity emphasizes that multicloud invariably makes zero trust harder, not easier, because it introduces different identity and access management systems, overlapping policy models, and more potential misconfigurations (Strata.io). That complexity is precisely why TBM and security teams must work together to prioritize which connections and data flows deserve the most stringent zero-trust controls, based on both risk and business value.
Confidential computing and data-in-use protection
As workloads and data move fluidly between clouds, protecting data at rest and in transit is no longer sufficient. Confidential computing has emerged as a key technique for protecting data in use by using hardware-based trusted execution environments to encrypt data while it is being processed.
Cloud providers now offer confidential virtual machines and enclaves that ensure data remains encrypted even as applications operate on it, preventing cloud administrators or compromised hosts from inspecting sensitive information. Google Cloud, for example, describes its Confidential VMs as a way to keep data private and encrypted throughout processing, using security features in modern CPUs from AMD and Intel (Google Cloud). Industry groups such as the Cloud Security Alliance have formed confidential computing working groups to close what they describe as a critical gap in data security and to make confidential computing a core component of digital security infrastructures (Cloud Security Alliance).
For multicloud networking and TBM, confidential computing is particularly relevant in three scenarios. It matters when sensitive AI models and training data need to be moved between providers for cost, performance, or regulatory reasons. It matters when third-party partners or analytics providers must process data without being able to see it in the clear. And it matters when edge sites or branch locations lack strong physical security, increasing the risk of host compromise.
However, confidential computing is not free. It can affect performance, require specialized instance types, and impose integration work. TBM leaders must therefore treat confidential computing as a strategic investment, reserving it for flows where the combination of sensitivity and exposure justifies the additional cost. Preemptive cybersecurity comes into play here as well: if threat modeling indicates that data-in-use attacks or insider risks are a meaningful vector, confidential computing can serve as a preemptive control that drastically reduces the payoff for attackers.
IoT, edge, and the expanding attack surface
The multicloud network now extends deep into factories, smart buildings, vehicles and consumer environments through IoT and edge computing. Reports on the IoT threat landscape show a relentlessly growing attack surface: one global benchmark study found that the sheer number of connected devices presents a vast attack surface, with security leaders ranking compromised customer data and reputational damage as top concerns when IoT devices are breached (Net Data Networks). A 2024 IoT security landscape report from Bitdefender highlights that millions of threats are blocked daily on home and small-office networks, demonstrating how constant automated probing has become (blogapp.bitdefender.com).
Edge computing, while often deployed for performance and data residency reasons, also has security implications. Best-practice guides emphasize strong network segmentation, isolating IoT and edge devices from core systems to minimize lateral movement if a device is compromised (Linux Security). In multicloud enterprises, that segmentation must extend through cloud backends and analytics pipelines, not just local networks. Device telemetry flows into cloud-based data lakes and AI models; commands flow back to actuators and robots; firmware updates are distributed via content delivery networks.
Preemptive cybersecurity at the edge, therefore, means more than locking down local gateways. It requires continuously mapping end-to-end paths connecting IoT devices, edge nodes, regional clouds, and central platforms, then applying dynamic zero-trust policies to them. Agentic AI systems can help by analyzing traffic patterns and automatically proposing or enforcing segmentation changes.
From a TBM perspective, IoT and edge security spend cannot simply be lumped into generic “network costs.” Security leaders need to understand which OT and IoT segments generate the most risk-adjusted value and which might be over- or under-protected. Preemptive controls at the edge – including hardware root of trust, secure boot, local anomaly detection, and even on-device confidential computing – can then be prioritized for critical sites, such as production plants or high-revenue logistics hubs.
TBM as the financial spine of zero trust and preemption
As preemptive cybersecurity and zero trust permeate multicloud networking, TBM becomes the financial and governance spine that keeps these efforts coherent. The core questions are pragmatic. How much should the enterprise be willing to pay to reduce the likelihood or impact of a given class of incidents? Which business capabilities justify the most expensive, strongest controls? How should the cost of security be allocated and communicated to product teams, so they can make informed trade-offs?
Recent coverage of cloud storage risks illustrates how misconfigurations and overexposed data can lead to significant financial and regulatory consequences. One 2025 analysis found that a non-trivial share of cloud data was publicly accessible, with most of it being restricted or confidential information such as API keys, access tokens, and credentials left in plain text (IT Pro). These are precisely the kinds of exposures that preemptive, zero-trust controls are designed to prevent – but those controls need budget, and that budget must be justified.
TBM teams can bring structure to this by defining security service tiers with clear cost and capability profiles, mapping them to business-criticality levels, and then using them to guide deployment of preemptive controls. High-tier services might include full zero-trust enforcement across multicloud identities and networks, comprehensive confidential computing, and continuous red-teaming and attack surface management. Lower-tier services might rely on more basic controls but still adhere to core principles, such as no public access without explicit approval.
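The tier mapping described above can be checked mechanically against an asset inventory. The following is an added example, not code from the article or its authors; the tier names, control names, asset records and the approval reference are all constructed assumptions.

```python
# Added illustration: tier names, control names and the inventory are constructed.
TIER_CONTROLS = {
    "high": {"zero_trust_identity", "microsegmentation",
             "confidential_computing", "attack_surface_mgmt"},
    "standard": {"zero_trust_identity", "microsegmentation"},
    "basic": {"zero_trust_identity"},
}
CRITICALITY_TO_TIER = {"critical": "high", "important": "standard", "low": "basic"}

def asset(name, cloud, criticality, owner, controls, public=False, approval=None):
    return {"name": name, "cloud": cloud, "criticality": criticality, "owner": owner,
            "controls": set(controls), "public": public, "approval": approval}

INVENTORY = [  # constructed sample spanning three providers
    asset("payments-api", "aws", "critical", "payments",
          ["zero_trust_identity", "microsegmentation"]),
    asset("marketing-site", "gcp", "low", "marketing",
          ["zero_trust_identity", "confidential_computing"],
          public=True, approval="CHG-EXAMPLE-1"),
    asset("telemetry-bucket", "azure", None, None, [], public=True),
    asset("hr-portal", "aws", "important", "hr",
          ["zero_trust_identity", "microsegmentation"]),
]

def audit(a):
    """Return findings for one asset, covering both gaps and excess spend."""
    findings = []
    tier = CRITICALITY_TO_TIER.get(a["criticality"])
    if tier is None:
        findings.append("no business criticality, cannot assign a tier")
    else:
        required = TIER_CONTROLS[tier]
        if missing := required - a["controls"]:
            findings.append(f"under-protected for tier {tier}: missing "
                            + ", ".join(sorted(missing)))
        if extra := a["controls"] - required:
            findings.append(f"over-provisioned for tier {tier}: extra "
                            + ", ".join(sorted(extra)))
    if not a["owner"]:
        findings.append("no owner, decisions not traceable to business context")
    # Core principle that applies to every tier, including the lowest.
    if a["public"] and not a["approval"]:
        findings.append("public access without explicit approval")
    return findings

def audit_inventory(inventory):
    """Map asset name -> findings, omitting assets that are compliant."""
    return {a["name"]: f for a in inventory if (f := audit(a))}

if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY).items():
        print(name, "->", "; ".join(findings))
```

The same report surfaces both failure modes the article warns about: high-value assets missing controls their tier requires, and low-value assets carrying controls their tier does not pay for.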
Agentic AI will increasingly help answer “what if” questions in this space. If TBM can feed accurate cost and risk data into those agents, they can simulate the impact of different security configurations on both budgets and risk metrics, then recommend control portfolios that maximize risk reduction per dollar spent. This turns preemptive cybersecurity from a reactive cost sink into an optimized investment portfolio, continuously tuned as threats and business conditions change.
Closing thoughts and looking forward
By 2026, preemptive, zero-trust security will no longer be an optional add-on to multicloud networking. It will be the only viable way to manage the sheer complexity and exposure created by AI workloads, edge deployments, and connected ecosystems. Gartner’s projection that preemptive cybersecurity will capture roughly half of all security spending by 2030 is not a distant forecast; it is a directional signal for decisions that TBM and security leaders must start making now (Gartner).
The enterprises that succeed will be those that treat multicloud networking as both a security substrate and a financial asset. They will use zero trust and confidential computing to shrink the attack surface. They will extend preemptive controls to IoT and edge nodes, not just data centers and core clouds. And they will govern all of this through TBM frameworks that balance risk reduction with cost discipline, expressing security strategy in clear business terms.
Over the next 18 to 24 months, practical steps include mapping end-to-end multicloud data paths and classifying them by sensitivity and business value, piloting zero-trust architectures spanning at least two major cloud providers, and experimenting with preemptive controls such as microsegmentation and confidential computing for high-value workloads. At the same time, TBM teams should develop security cost models that make these investments transparent and measurable.
Multicloud networking is becoming the nervous system of AI-driven enterprises. If that nervous system is not secured preemptively and governed economically, the entire digital body is at risk. But with zero trust, preemptive cybersecurity, and TBM working in concert, organizations can build a cloud fabric that is not only agile and scalable, but also resilient, trustworthy, and financially sustainable.
Reference sites
“Preemptive Cybersecurity Technologies Will Account for over 50% of IT Security Spending by 2030, Up from Less Than 5% in 2024” – Gartner Newsroom – https://www.gartner.com/en/newsroom/press-releases/2025-09-18-gartner-says-that-in-the-age-of-genai-preemptive-capabilities-not-detection-and-response-are-the-future-of-cybersecurity
“Preemptive security predicted to constitute about half of IT security spending by 2030” – Cybersecurity Dive – https://www.cybersecuritydive.com/news/preemptive-security-predicted-half-it-security-2030/760642/
“NIST SP 800-207: Zero Trust Architecture” – NIST Cybersecurity – https://csrc.nist.gov/pubs/sp/800/207/final
“Zero Trust is Not Enough: Evolving Cloud Security in 2025” – Cloud Security Alliance – https://cloudsecurityalliance.org/blog/2025/04/17/zero-trust-is-not-enough-evolving-cloud-security-in-2025
“The 2024 Benchmark Report on IoT Security” – Palo Alto Networks – https://www.paloaltonetworks.com/resources/research/the-2024-benchmark-report-on-iot-security
Benoit Tremblay, Author, IT Security & Business Management, Montreal, Quebec.
Peter Jonathan Wilcheck, Co-Editor, Miami, Florida.



