Modern cloud security faces a structural trust crisis as organizations rely on centralized identity systems, mutable logs, and implicit trust assumptions that become single points of failure at scale.
Sayali Paseband, Cybersecurity Advisor at Verisk and former AWS security consultant, argues that security leaders must shift from "assumed trust" to "verifiable trust" backed by cryptographic proof.
Her approach pairs blockchain's immutable audit trails with AI automation, creating a hybrid SOC model where machines handle high-confidence actions at speed while humans focus judgment on ambiguity.
Modern cloud security has a trust problem. Rather than a superficial skills shortage or a simple tooling gap, it's a structural problem rooted in a reliance on centralized identity systems, mutable logs, and implicit trust assumptions in a world that has become highly distributed and automated. The consequences are far from theoretical, reflected in security incidents at even the largest cloud environments and events involving stolen login data. The risks of relying on provider assurances are clear. It all boils down to a single, fundamental question: how can any organization independently verify what actually happened?
Sayali Paseband is a Cybersecurity Advisor at insurance industry analytics provider Verisk. Her perspective draws on experience across multiple organizations and years of research. A former security consultant at AWS, where she authored official prescriptive guidance on cloud security maturity, Paseband believes that before many organizations can successfully adopt the next wave of security technology, they must first unlearn the assumptions that created the problem.
"Cloud security today is experiencing a trust crisis. Organizations continue to depend on centralized identity systems, mutable logs, and implicit trust assumptions, and those become single points of failure as systems scale,” says Paseband. This requires rethinking the architectural tenets that have long guided security. For many leaders, the belief that centralization equals control led to creating systems, like centralized SIEMs, that actually concentrate risk. Making matters worse, Paseband says, is a key misconception about the data these systems collect.
Claims, not evidence: “The first assumption security leaders need to unlearn is that centralization equals secure control. The second is the idea that logs are evidence. Logs are claims. Evidence requires integrity guarantees, because logs live on the very systems they monitor, making them vulnerable to tampering or loss," contends Paseband. The move away from such perimeter-based, implicit trust models is now being formalized in frameworks like the Zero Trust Architecture, with government agencies even providing playbooks on how to use expanded cloud logs to detect advanced threats.
That need for integrity is amplified by the distributed nature of modern business, where important tasks span multi-cloud systems, SaaS platforms, and third-party vendors. In this environment, she explains, no single party can or should own the full trust narrative, especially when dealing with the number one risk most organizations still face: insider threats. For these incidents, "proving what actually happened matters as much as stopping the attack," Paseband notes, requiring "post-incident integrity" that is non-negotiable and verifiable through granular, tamper-evident logs.
For advocates of this model, the goal is to evolve trust into something that is provable. Paseband promotes replacing "assumed trust" with "verifiable trust," a model that provides cryptographic proof of integrity, not just provider assurances. Stripped of its cryptocurrency hype, blockchain offers a practical trust-building mechanism: an immutable, distributed ledger. It provides a way to create tamper-evident audit trails, where the integrity of security telemetry can be cryptographically proven. This principle is already applied in tools that offer log file integrity validation. She clarifies that this approach is about treating trust as a measurable attribute that must be continuously proven, framing it as an evolution that improves the existing ecosystem.
Proof before prediction: In Paseband’s view, this foundation of verifiable truth is a non-negotiable prerequisite for safely deploying artificial intelligence. AI is a powerful amplifier, but it is only as reliable as the data it is fed. Layering AI on top of an untrustworthy foundation will only accelerate failure, a risk other experts have identified when employees feed sensitive data into insecure AI tools. “If the underlying trust model is weak, automation using AI doesn't fix it. It will just accelerate the failure," Paseband explains. "Until leaders stop assuming that identity, telemetry, and policies are inherently trustworthy simply because a provider manages them, neither AI nor blockchain will be able to deliver the assurances that organizations need.”
Earning enforcement authority: The argument is that before AI can move from a purely advisory role to one of automated enforcement, it must first earn that authority. "AI will earn enforcement authority the same way humans do: through accountability and evidence," Paseband notes. "For an AI, this requires high-integrity inputs, constrained decision domains with predictable outputs, and complete auditability so its actions can be validated. Blockchain provides the mechanism for that auditability and integrity."
Ambiguity over velocity: The new technological partnership prompts a significant reevaluation of the SOC. The traditional human-driven SOC often breaks down under the strain of what Paseband calls "volume and latency." It also fails at "evidence confidence," because analysts spend too much time questioning the integrity of the data they are given, says Paseband. The future SOC will operate on a hybrid model that automates high-confidence actions at machine speed while elevating human analysts to focus on sophisticated threats. It represents a move away from reactive models that generate overwhelming alert fatigue toward a more proactive, “alertless” framework where AI can help reduce analyst workload. "The non-negotiables include provable telemetry, which ensures responses are defensible, and automated enforcement for high-confidence scenarios. This isn't about removing humans from the loop, but about reserving human judgment for ambiguity, not for velocity," says Paseband.
In Paseband's view, defining the future of cloud security requires a fundamental change in philosophy, moving beyond buzzwords like 'self-healing.' The true goal is to architect systems that can “prove their own behavior.” This philosophical approach prioritizes creating systems that are inherently provable, adaptive, and resilient over the traditional focus on building stronger perimeters. “The future of cloud security will not be about having stronger walls, but about having unbreakable proofs," concludes Paseband. The ability to independently verify what actually happened isn't just a competitive advantage. It's the foundation for everything that comes next.
