There is a growing concern among cybersecurity experts about how organisations manage risk in cloud environments, particularly across multiple platforms. What often begins as a minor vulnerability can escalate into a prolonged intrusion, with attackers moving undetected across systems.

This challenge, known as lateral movement, remains one of the most overlooked threats in modern cloud security. According to Cloud Security Engineer Opeyemi Alao, many organisations are still not prepared for what happens after an initial breach.

“Most organisations focus their security efforts on keeping attackers out. Far fewer have seriously addressed what happens once an attacker is already in. In a multi-cloud environment, that question is existential”, said Alao, a Cloud Security Engineer and graduate of Lamar University, Beaumont, Texas.

Alao explains that the shift to multi-cloud architectures — using platforms such as AWS, Microsoft Azure, and Google Cloud — has dissolved the traditional security perimeter. This creates complex integration challenges and leaves potential gaps between systems.

His research, published in a peer-reviewed international journal, introduces a Zero Trust Multi-Cloud framework, built on continuous verification rather than assumed trust. Every access request is evaluated in real time using identity checks, device health, location data, and behavioural patterns.

Testing of the framework across AWS and Azure showed strong results, blocking all unauthorised access attempts and preventing lateral movement entirely. The system also significantly improved threat detection and response times compared to conventional models.

A key advantage of the approach is its ability to enforce a single, centralised security policy across multiple cloud providers, reducing inconsistencies that often create vulnerabilities.

However, the model is not without trade-offs. Increased security measures led to modest rises in CPU usage and network latency. Still, Alao argues the benefits far outweigh the costs.

“A small increase in latency is a reasonable price for a system that cannot be quietly infiltrated and dismantled from the inside,” he said. “The organisations that struggle to accept that trade-off are often the ones that have not yet experienced a serious breach. Most of them eventually do.”

As more governments and institutions rely on multi-cloud systems to deliver essential services — from healthcare records and financial transactions to national security infrastructure — the need for stronger, unified security frameworks becomes increasingly urgent.

“Trust in cloud infrastructure cannot be assumed,” he said. “It has to be designed, verified, and continuously earned. That is not a technical preference. That is the only model that works.”