Cloud security in practice: key insights from our webinar with Sysdig

On December 10, Crystal Morin, Senior Cybersecurity Strategist at Sysdig, and Gerrit Tamboer, Chief Evangelist at TrueFullstaq, discussed the biggest cloud security challenges organizations face today. The conversation was based on the Benelux Cloud Security Report 2025, a collaboration between Sysdig and TrueFullstaq that reveals how organizations in our region approach cloud native security.

Watch the full webinar below, or scroll down for the main insights.

Open source: your responsibility, not the maintainer's

The most critical point? Security responsibility lies with you as the user, not the maintainer.

"You're not constantly exposed to risk when using open source," Crystal explains. "But you are constantly responsible for the security. Once you take on that tool, that is your tool now. There's nobody else managing it in your environment."

In practice, this means:

• Check regularly for vulnerabilities: projects can lose developers or stop being updated. If you keep using it, you do the updates.
• Watch out for dependency sprawl: Gerrit shared his NPM trauma: "I installed a couple of packages and suddenly had 10,000 dependencies. Nobody knew where they came from."
• Think beyond code: maintainers: ensure security tools can integrate, communicate transparently about limitations, and make your software operationalizable.

Data sovereignty: shifting risks, not eliminating them

Data sovereignty is both a technology and compliance challenge, Crystal explains.

Compliance requirements like the EU AI Act and DORA dictate where data can reside. Your technology stack needs to prove you meet these requirements. Granular security frameworks work better than broad regional regulations. 

Moving to sovereign or private clouds shifts your risks rather than eliminating them. "You reduce the risks from where your data lives," Crystal explains. "But you still have the security struggle with how you're running things. You can still introduce misconfigurations and vulnerabilities."

In public cloud, many security tasks fall on the provider. With sovereign clouds, you handle patching, hardening, and more yourself.

Edge computing and automation

Edge computing brings advanced technology to unpredictable environments: greenhouses, wind farms, delivery vans. Security is often an afterthought, but that's changing. 

In the Benelux, 14% of organizations have automated their security response, higher than the global 11% average.

"With edge computing, real-time detection and automation are essential," Crystal notes. "With Sysdig, you get a notification within two seconds. And if you're getting coffee? Your system has already killed the container that's doing something naughty."

Edge computing also brings physical security back into focus. USB sticks, tamper protection, and physical access: these concerns return alongside digital threats. The good news? You don't need to reinvent your threat model. Just add physical security as another layer.

AI: risk and opportunity

The term "vibe coding" came up during the webinar. We can vibe code our way into security problems if we're not careful.

Crystal spoke with the founders of Falco, Wireshark, and Kubernetes. Their concern is clear: "You don't have to be a traditional developer to contribute to open source anymore," she says. "The concern is that things will start getting blindly pushed without being manually checked by a human."

But AI can strengthen security too. "Security consists of a lot of data," Crystal explains. "That's the best use case for AI: correlating data and giving context incredibly fast."

Sysdig's AI tool, Sysdig Sage, shows this in practice. Customers log in and ask: "What happened in the last 24 hours?" The system immediately provides priorities and translates between security and developer language, drastically reducing triage time.

AI won't make security experts obsolete. "We're not going to go away," Crystal says. "It's just going to evolve. We're already seeing new job titles like AI security practitioners."

Humans are still behind attacks, also using AI. That's why we need humans on our side too.