02 September 2025
5 min
Read
Dayna-Jean Broeders
02 September 2025
5 min
Read
Cloud adoption in New Zealand is accelerating, but so are cyber threats. As businesses shift their operations, customer data, and critical systems into platforms like Microsoft Azure, AWS, and Salesforce, attackers are following. Platform-based attacks, where criminals exploit vulnerabilities within widely used cloud applications and services, are on the rise.
Recent breaches, such as the Google-Salesforce compromise, are stark reminders that no provider is immune. While cloud platforms offer powerful scalability and innovation, the security responsibility is shared, and businesses that assume their provider alone will protect them leave themselves dangerously exposed.
This is where secure cloud migration plays a vital role. Moving to the cloud is not just about efficiency or scalability, it’s about doing it in a way that reduces your risk, strengthens your defences, and future-proofs your business.
Attackers target cloud platforms because they are centralised, widely used, and hold enormous volumes of sensitive data. A single vulnerability can potentially impact millions of users worldwide. Common threats include:
Credential theft and account hijacking - Exploiting weak identity management or poor MFA enforcement.
Misconfigurations - One of the most common causes of cloud breaches, often due to rushed or unmanaged migrations.
API exploitation - Cloud services rely heavily on APIs, which can be manipulated if not secured.
Insider threats - Both malicious insiders and well-meaning staff with excessive permissions create exposure.
In New Zealand, 73% of organisations now use public cloud services for critical workloads (NZTech 2025 projection). Yet CERT NZ reports that cloud-related incidents, including credential compromise, have grown year on year. SMEs are particularly at risk, as many lack in-house expertise to configure, monitor, and secure these environments effectively.
Cloud migration isn’t simply a technical lift-and-shift exercise. Done poorly, it creates more vulnerabilities than it solves. Done securely, it lays the foundation for resilience and confidence. Key benefits include:
1. Minimised Misconfiguration Risks
A structured migration process includes baseline security configurations, hardened identities, and the removal of unused services. This prevents one of the biggest drivers of breaches: human error during setup.
2. Built-In Zero Trust Principles
Migrating securely allows businesses to design with Zero Trust in mind, ensuring every user, device, and connection is verified, rather than assuming implicit trust.
3. End-to-End Visibility and Control
Secure migration includes integrating monitoring tools and Managed Detection & Response (MDR) services from day one. This means threats are identified and contained before they escalate.
4. Compliance Alignment
For industries like law, real estate, and startups seeking investment, compliance frameworks (ISO, NIST, SOC 2) are increasingly required. Secure migration ensures your new environment is audit-ready.
5. Resilience Against Platform-Based Attacks
Even if Microsoft, Google, or AWS are targeted, your business has layered protections in place: encrypted data, strict access policies, and incident response playbooks.
New Zealand businesses, irrespective of size or industry, are not immune to cyber threats. The Google-Salesforce breach has demonstrated that even well-protected platforms can be compromised. As digital transformation continues to accelerate, the need for robust cloud security becomes more pressing.
Prioritising cloud security helps protect sensitive data, maintain customer trust, and ensure business continuity. With the increasing reliance on digital platforms, a breach can have devastating consequences, including financial loss, reputational damage, and legal ramifications.
1. Don’t assume your cloud provider covers everything. Their responsibility stops at the platform level; securing your data, access, and processes is on you.
2. Invest upfront in secure migration. Retrofitting security later costs significantly more and leaves gaps attackers can exploit.
3. Adopt continuous monitoring. Cloud is dynamic, threats change daily, and so must your defences.
4. Seek strategic oversight. A vCISO ensures security is part of your business growth plan, not just an IT afterthought.
1. Isn’t cloud automatically more secure than on-premises?
Not automatically. Cloud providers deliver secure infrastructure, but businesses remain responsible for access controls, configurations, and monitoring.
2. What’s the biggest risk during migration?
Misconfiguration. Rushed or poorly planned moves often leave data exposed or permissions too broad.
3. How do I know if my cloud environment is vulnerable?
Regular security assessments and MDR monitoring help uncover gaps. NSP also provides vCISO advisory to align your environment with best practices.
4. How long does a secure migration take?
It depends on scale and complexity, but the process should never be rushed. A proper plan saves time and risk in the long run.
5. Can secure migration help with compliance (ISO, SOC 2, GDPR)?
Yes. Building compliance into your migration ensures your environment meets required frameworks from the start.
Cloud platforms are the backbone of modern business. But as attackers exploit their popularity, NZ organisations cannot afford to treat migration as a box-ticking exercise. A secure migration reduces exposure, improves resilience, and positions your business to grow with confidence.
Now is the time to reassess your cloud journey. If you’re considering a move, or want to validate your current environment, book a consultation with NSP. We’ll help you migrate securely and stay ahead of the next wave of platform-based attacks.
Enter your details below to stay up-to-date with the latest IT solutions and security measures.
