
Is your cyber defense working at cloud speed?

Businesses need modern platforms to thwart attacks at speed and scale. Read how XSIAM can help.

January 13, 2026 | Dheeraj Rawal

The backdrop

In this blog, discover how digital and cloud infrastructure has scaled in the recent past, leading to serious security and compliance lapses, and how intelligent automation platforms can enable businesses to detect threats better. Find out how extended security intelligence and automation management (XSIAM) helps businesses with comprehensive visibility, automation, risk reduction, and compliance.

Attack on one of the Big 4s

In late October 2025, one of the world’s largest consulting firms – Ernst & Young (EY) – was revealed to have inadvertently exposed a massive 4-terabyte SQL Server backup on the public Internet, thanks to a misconfiguration during a cloud migration on Microsoft Azure.[1]

The exposed backup contained not just benign metadata: it reportedly included API keys, session tokens, service-account credentials, internal database schemas, and possibly user credentials and client data. Because the file was publicly accessible, essentially “on the open web”, the risk was not theoretical; any scanning mechanism (malicious or benign) that crawled exposed storage buckets could have discovered it within seconds.

Though there is no public proof of a full-scale exploit (i.e., no confirmed mass data theft or ransomware triggered via this leak), the exposure alone is a serious breach of trust, data hygiene, and security best practices. For an organization of EY’s scale and resources, such an incident undermines its reputation and underlines a stark truth: even “secure-by-design” cloud migrations can go wrong.

This incident shows that a single human error or misconfiguration can defeat even a world-class security culture, turning a cloud “data lake” into a public dump. What happened at EY is more than a cautionary tale. It is a wake-up call for enterprises globally: in cloud environments, assumptions about inherent security are unsafe. Without continuous, automated visibility and guardrails, powerful platforms become liabilities, sometimes disastrously so. Momentary lapses can lead to full-blown cyber attacks.
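As an added illustration of the kind of automated check that catches the exposure described above (this is example code written for this page, not code from the post, T-Systems, or Palo Alto Networks): the script below walks a constructed inventory of storage accounts and blob containers and reports which containers are effectively readable from the public Internet. The JSON layout and the field names `allowBlobPublicAccess`, `minimumTlsVersion` and `publicAccess` are assumptions modelled on Azure’s account-level public-access switch and container access levels (`Container`, `Blob`, `None`); the inventory itself is made up. The check also covers the edge case the account-level switch creates: a container ACL that says `Blob` is not exposed while the account forbids public access, but it is a latent exposure worth reporting.

```python
"""Flag blob containers that are effectively readable anonymously.

Constructed example: the inventory below mimics the shape of storage account
and container settings, but the JSON layout is an assumption made for this
illustration, not the real cloud management API output.
"""
import json
from collections import Counter

# Constructed inventory (assumption): two accounts, several containers.
INVENTORY_JSON = """
{
  "accounts": [
    {
      "name": "migrationstagingsa",
      "allowBlobPublicAccess": true,
      "minimumTlsVersion": "TLS1_0",
      "containers": [
        {"name": "sqlbackups", "publicAccess": "Blob"},
        {"name": "appconfig",  "publicAccess": "Container"},
        {"name": "scratch",    "publicAccess": "None"}
      ]
    },
    {
      "name": "hardenedsa",
      "allowBlobPublicAccess": false,
      "minimumTlsVersion": "TLS1_2",
      "containers": [
        {"name": "backups", "publicAccess": "Blob"}
      ]
    }
  ]
}
"""


def load_inventory(text: str = INVENTORY_JSON) -> dict:
    """Parse the inventory document (constructed sample by default)."""
    return json.loads(text)


def effective_public_access(account: dict, container: dict) -> str:
    """Resolve what anonymous clients can actually do with a container.

    The account-level switch overrides the container ACL: when it is false,
    a container marked "Blob" or "Container" is still not reachable anonymously.
    """
    if not account.get("allowBlobPublicAccess", False):
        return "None"
    return container.get("publicAccess", "None")


def assess(inventory: dict) -> list[dict]:
    """Return a list of findings, each with severity, resource and issue."""
    findings: list[dict] = []
    for acct in inventory.get("accounts", []):
        name = acct["name"]
        if acct.get("allowBlobPublicAccess", False):
            findings.append({"severity": "medium", "resource": name,
                             "issue": "account permits public blob access; "
                                      "container ACLs decide exposure"})
        if acct.get("minimumTlsVersion") != "TLS1_2":
            findings.append({"severity": "low", "resource": name,
                             "issue": "minimum TLS version below TLS1_2"})
        for cont in acct.get("containers", []):
            resource = f"{name}/{cont['name']}"
            level = effective_public_access(acct, cont)
            if level == "Container":
                findings.append({"severity": "high", "resource": resource,
                                 "issue": "anonymous listing and read of every blob"})
            elif level == "Blob":
                findings.append({"severity": "high", "resource": resource,
                                 "issue": "anonymous read of any blob by URL"})
            elif cont.get("publicAccess", "None") != "None":
                # ACL is permissive but the account switch blocks it today:
                # flipping the switch would expose this container immediately.
                findings.append({"severity": "info", "resource": resource,
                                 "issue": "latent exposure: container ACL is public, "
                                          "account-level switch currently blocks it"})
    return findings


def summarize(findings: list[dict]) -> dict:
    """Count findings per severity so a dashboard can show the backlog."""
    return dict(Counter(f["severity"] for f in findings))


if __name__ == "__main__":
    for finding in assess(load_inventory()):
        print(f"[{finding['severity']:<6}] {finding['resource']}: {finding['issue']}")
    print(summarize(assess(load_inventory())))
```

Run on the constructed inventory, the script reports the two containers on `migrationstagingsa` as high severity, the account itself as medium for allowing public access at all, the TLS floor as low, and the `backups` container on `hardenedsa` only as a latent finding. In practice the inventory would come from the cloud provider’s configuration API on a schedule, and the findings would feed the same alerting path as any other detection.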

Digital infrastructure faces a serious security challenge

The surge in cloud adoption in recent years has not only transformed digital infrastructure, but it has also dramatically expanded the threat surface. According to a 2025 report, the number of cyber attacks per week per organization has risen steeply.

Organizations now face, on average, 1,925 attacks per week – a 47% jump from 2024. Ransomware incidents saw a dramatic spike of 126% in Q1 2025 alone. Many of these incidents target cloud systems. In fact, around 80% of companies now report at least one cloud attack per year.[2]

Misconfigurations remain among the most common root causes: one survey indicates that around 23% of cloud-related incidents stem from misconfigurations, while human error underpins over half of all cloud breaches.[3] Further, only a small fraction of organizations successfully encrypt the majority of their cloud data – a worrying trend, given that over 54% of data stored in the cloud is sensitive.

Meanwhile, threats themselves are becoming more automated, scalable, and stealthy. Attackers now routinely employ stolen credentials, automated scanning, and even AI-enhanced techniques to probe cloud environments at scale.

Cloud is the backbone of enterprise infrastructure. And with this shift, the volume, frequency, and sophistication of cloud-targeting attacks have also escalated. The cloud era demands more than legacy security; it requires new thinking, new tooling, and continuous guardrails.

XSIAM fits the bill

That’s where platforms such as Cortex XSIAM come into play. XSIAM by Palo Alto Networks is built to address exactly the kinds of risks exemplified by the EY incident and rising cloud threats.

At its core, XSIAM provides continuous, automated monitoring and detection of misconfigurations, anomalous behavior, and potential security exposures across cloud environments, data lakes, application backends, storage buckets, identity and access systems, APIs, and more.

It combines log aggregation, behavior analytics, identity-aware detection, and context-aware alerting to provide visibility into what’s happening – not just inside, but also what’s exposed to the public Internet.

Where traditional security tools often rely on manual audits or periodic scanning, XSIAM offers real-time, adversary-style exposure assessment. This means your security team doesn’t wait for a quarterly review to find a misconfigured backup: they get alerted immediately. With automated detection, response orchestration, and compliance reporting built in, XSIAM reduces mean time to detection (MTTD) and mean time to response (MTTR) substantially. Its exposure management capability cuts vulnerability noise by up to 99%, reducing the burden on the security teams.

Beyond detection, XSIAM can integrate with identity and access management (IAM), privilege management, encryption key stores, and cloud infrastructure orchestration tools. This enables automated remediation workflows, policy guardrails, and zero-touch enforcement of security best practices.

Core capabilities of Cortex XSIAM

Cortex XSIAM unifies essential SOC functions into one platform:

  • Security information and event management (SIEM): Log management, correlation, alerting, reporting, and long-term data retention
  • Threat intelligence platform (TIP): Aggregates and scores threat intelligence, including the Unit 42® feed, enriching alerts and sharing data with third-party tools
  • Extended detection and response (XDR): Collects telemetry from any source for broad detection coverage and top MITRE ATT&CK technique-level detections
  • Endpoint protection platform (EPP): Blocks exploits, malware, and fileless attacks while providing full endpoint telemetry for response
  • Attack surface management (ASM): Offers attacker’s view with asset discovery, vulnerability assessment, and risk management
  • Identity threat detection and response (ITDR): Detects identity threats using machine learning and behavioral analysis to flag compromised accounts or insiders
  • Security orchestration, automation, and response (SOAR): Automates workflows with hundreds of playbooks and a drag-and-drop editor for customization
  • Cloud detection and response (CDR): Correlates cloud logs and other data for comprehensive detection and response across hybrid environments
  • Management, reporting, and compliance: Centralized configuration, monitoring, reporting, and policy management

The advantages of XSIAM as a cyber defense platform

XSIAM offers the following advantages:

  • Comprehensive visibility across multi-cloud and hybrid-cloud environments
  • A proactive rather than reactive security posture, catching misconfigurations or exposures long before attackers exploit them
  • Contextual intelligence, correlating identity, network, storage, application, and user-behavior data to reduce alert fatigue and surface high-fidelity threats
  • Automation and orchestration, accelerating response, isolating affected assets, and reducing human error
  • Compliance and governance enforcement, ensuring that sensitive data remains protected, access is audited, and regulatory requirements are met

In a world where cloud complexity with containers, microservices, serverless computing, and shared storage grows daily, a platform like XSIAM is no longer optional. It becomes the backbone of a secure, resilient cloud architecture.

How T-Systems is helping enterprises

Deploying XSIAM is a powerful first step, but for many enterprises – especially those without large in-house security operations teams – combining XSIAM with managed security services is the most effective path forward.

T-Systems has helped global businesses to leverage XSIAM’s capabilities end-to-end. This means managing the platform, monitoring alerts, triaging incidents, performing continuous exposure assessments, and executing remediation actions – all handled by experienced security professionals.

With T-Systems managing XSIAM, organizations benefit from 24×7 oversight, expert incident response, and proactive threat hunting. This removes the burden of building and staffing a full cyber defense center or security operations center (SOC) internally, while still enjoying enterprise-grade protection. More importantly, it ensures that misconfigurations – the silent killers of cloud security – are not only detected, but also remediated immediately, reducing dwell time and blast radius.

Furthermore, we tailor security policies, compliance frameworks, and reporting mechanisms to specific regulatory or industry needs (e.g., financial services, healthcare, manufacturing), giving clients both flexibility and assurance. For many enterprises undergoing rapid digital transformation, this dual approach offers the best balance: robust protection, minimal overhead, and operational resilience.

About the author
Dheeraj Rawal

Content Marketer, T-Systems International GmbH

[1] EY Data Breach, 2025, SDX Central

[2] Cloud Security Statistics, 2025, Sprinto

[3] Cloud Security Statistics, 2025, SentinelOne

[4] Key Cloud Statistics, 2025, Thales Group
