Sign in
Sign up
  • Home
  • Blog
  • Guides
  • World Cloud Security Day: Deep Dive with Wiz CIO & CISO Ryan Kazanciyan
World Cloud Security Day: Deep Dive with Wiz CIO & CISO Ryan Kazanciyan on what Cloud Security actually means.
  • Guides, Interviews

World Cloud Security Day: Deep Dive with Wiz CIO & CISO Ryan Kazanciyan

Cyber Insurance Academy interviewed Ryan Kazanciyan on what cyber insurance professionals need to understand about the Cloud.
4 min read
All Posts

World Cloud Security Day: Deep Dive with Wiz CIO & CISO Ryan Kazanciyan

  • Guides, Interviews
4 min read
World Cloud Security Day: Deep Dive with Wiz CIO & CISO Ryan Kazanciyan on what Cloud Security actually means.

Cloud security isn’t just a buzzword – it’s the backbone of modern enterprise resilience. Few understand this better than Ryan Kazanciyan, CIO & CISO at Wiz, one of the most innovative cybersecurity firms in history. With a career spanning Meta, Tanium, Mandiant, and even technical consulting for Mr. Robot, Kazanciyan has witnessed firsthand the transformation of IT environments. 

In this exclusive interview, he breaks down the evolution of cloud security, the challenges businesses face, and what’s next for the industry.

The Shift from On-Prem to Cloud-Native Security

As you saw in the video above, legacy IT teams used to manage infrastructure end-to-end, relying on perimeter-based security. Once breached, attackers moved laterally with ease, driving major ransomware attacks.

Today, businesses are cloud-first; many key applications are Internet-hosted, accessible through the web, and reliant on Single Sign-On for authentication and access control. This shifts many key security controls to per-application, per-access – instead of relying solely on device or network-level management.. But many companies still operate in a hybrid state, mixing legacy on-prem systems with cloud-native technologies. The challenge is migrating efficiently and securely without disrupting business operations.

Cloud Security: Easier, Yet More Complex

Cloud services offer scalability, faster deployment, and a unified security framework. But the speed of development creates new risks: the ease with which developers can adopt and build on cloud services is both a boon and a challenge – it means security teams have to embrace a faster rate of change, and new forms of complexity.

SaaS vs. Cloud Security: What’s the Difference?

Beware of this common misconception: cloud security and SaaS security aren’t the same thing.

Cloud Security

Cloud security refers to developing and operating systems on public cloud infrastructure. In other words, it refers to building and running systems using cloud platforms like Amazon Web Services (AWS), Microsoft Azure, or Google Cloud (GCP).

These platforms offer many tools that let businesses store data, run applications, and manage networks without needing to own physical servers. They are often called infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS). Developers can choose how much control they want over their setup, depending on their needs.

SaaS Security

On the other hand, Software as a Service (SaaS) is when companies provide fully managed applications, like Google Workspace or Salesforce, which run on cloud infrastructure behind the scenes.

Shared Responsibility Models

The key difference is who handles security. With SaaS, customers mainly focus on managing user access and settings. With cloud security, businesses have a bigger role in securing their systems, including protecting their data, applications, and network configurations.

Cloud Security vs SaaS Security comparison table

Where Wiz Fits In

Wiz was built to simplify cloud security for both developers and security teams. We eliminate complexity by offering a seamless deployment experience and a unified view across all cloud environments. We help organizations prioritize the risks that matter—finding ‘toxic combinations’ of misconfigurations and vulnerabilities that attackers could exploit.

This proactive approach extends to AI security. Within a year of Azure OpenAI and Amazon Sagemaker’s release, over 70% of organizations had adopted them. Wiz added ‘AI Security Posture Management’ to ensure customers could extend security guardrails to these emerging technologies.

Cloud Security Trends for 2025

There are three major risks that cyber insurance professionals and insureds should be aware of this year:

  • Exposed cloud assets: Attackers exploit misconfigured, poorly-secured databases, buckets, and services left open to the internet, and may use the stolen data to extort victims.
  • Cloud resource hijacking: Threat actors abuse insecure cloud services for cryptomining or to stage attacks against other organizations, racking up massive costs for victims.
  • Credential-based attacks: Attackers steal passwords or access keys from past data breaches and use them to gain unauthorized access to cloud systems with high-level permissions.

To stay ahead, Wiz continuously tracks cloud threats through their Cloud Threat Database and publishes insights at blog.wiz.io.

Assessing Your Insureds’ Cloud Security

Start with these foundational areas:

Visibility:

  • How do they maintain visibility and coverage over all of their cloud resources? 
  • If they’re single-cloud, do they have insight into all the technologies in use? 
  • If multi-cloud, do they have a unified or disparate approach that covers the other clouds in use?

Risk assessment:

  • How do they identify risks across all of their cloud environments? 
  • Do they have coverage of each layer (configuration, code, runtime, data, identity) in each cloud, or are there gaps?

Security ownership:  

  • How effectively do they democratize security? 
  • Is security owned by a single team, or are developers and DevOps collaborating as part of the process?

Incident response agility

  • How agile are they when responding to cloud-based threats? 
  • Do they have a security operations function (in-house or outsourced) that is equipped to conduct detection, investigation, and remediation tasks in cloud environments?

Time to Rethink Cyber Insurance Questionnaires?

There are some tweaks that could be made to the cyber insurance proposal forms that would provide a better sense of an insured’s coverage and maturity. Here are some staring points:

  • Cloud provider inventory: What platforms are in use and what business functions do they support?
  • Security tooling: What technologies manage vulnerabilities, posture, and detection?
  • Cloud security ownership: Who is responsible for security operations?
  • Authentication practices: How are permissions managed, and where are just-in-time privileges used?

Final Thoughts

As businesses accelerate cloud adoption, security teams must adapt to evolving threats, new technologies, and the increasing speed of innovation. Wiz is at the forefront, helping organizations cut through complexity and stay ahead of attackers.

Unlock more world-class knowledge and expertise.

Upgrade your membership to enjoy unlimited access to premium content.

Upgrade Membership

Already have an account?

Sign in
Download Now

About Cyber Insurance Academy

The Cyber Insurance Academy was cultivated by the leading minds in cybersecurity and insurance, with a mission to help cyber insurance professionals stay ahead of the curve. We aim to address the industry’s educational gap and technical challenges, while fostering a vibrant community of like-minded professionals.

 

Our first-of-its-kind online campus blends a Gold-Standard CII-CPD accredited course, expert-led certification courses, industry-leading events, a top-tier content library, and a supportive, diverse and professional network that equips you with the confidence and expertise to lead in cyber insurance and make an impact.

You may also like

All posts

Want cyber insurance updates sent straight to your inbox?

Cyber Insurance Academy

Demonstrates the quality of the learning of the Cyber Insurance Academy and confirms that it meets CII/ Personal Finance Society member CPD scheme requirements.

Demonstrates the quality of the learning of the Cyber Insurance Academy and confirms that it meets CII/ Personal Finance Society member CPD scheme requirements.

COMPANY
LEARNING
Enterprise
LIBRARY
Join our newsletter!

Stay up-to-date on the latest cyber insurance news

Facebook Linkedin X-twitter Youtube

Copyright © 2024/2025 Cyber Insurance Academy

Report

Harassment or bullying behavior
Contains mature or sensitive content
Contains misleading or false information
Contains abusive or derogatory content
Contains spam, fake content or potential malware

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • See blocked member's posts
  • Mention this member in posts
  • Invite this member to groups
  • Message this member
  • Add this member as a connection

Please note: This action will also remove this member from your connections and send a report to the site admin. Please allow a few minutes for this process to complete.

Report

You have already reported this .
Skip to content