There's a scene playing out in IT departments across North America right now: a whiteboard covered in platform logos: Nutanix, Red Hat OpenShift, Azure Stack, AWS Outposts. While a team debates which one replaces VMware, that whole analysis might be missing the point.
Because while enterprises debate hypervisors and licensing models, attackers have found a way to walk straight through the front door without touching your infrastructure at all.
In March 2026, the European Commission's cloud infrastructure was attacked. And what the hackers scored wasn’t trivial: they compromised emails, internal admin data, and potentially a full SSO user directory.1
What made this breach so different wasn’t because of a major software vulnerability or dramatic infrastructure failure. Instead, it was how the attackers got in.
With the same access a legitimate administrator they simply compromised a credential or identity workflow.2
That’s a wake-up call for enterprises that may still be treating platform migration as a security upgrade. Because suddenly the security boundary has shifted from the infrastructure layer to identity and access control.3
When Broadcom eliminated perpetual VMware licensing in January 2024, their new subscription pricing model hit the industry hard: $50 per core with a 16-core minimum, and overnight IT teams went into full migration mode.4
And the market didn’t wait around.
Red Hat introduced new OpenShift pricing including virtualization enhancements.
Nutanix launched air-gapped recovery features and migration tooling.5
AWS and other hyperscalers began courting VMware customers directly.
And that’s all a good thing. Because platform decisions impact everything from operational flexibility to long-term cost risk.
But anyone who has lived through a platform migration knows how all-consuming they can be. When that happens, identity is moved down on the priority list and, behind the scenes, the attack surface expands.
As the platform debate goes on (and on), identity debt is grows and grows.
Platform vendor demos don’t usually start off talking about admin access and cleaning up service accounts. That’s the stuff nobody is excited to talk about. But those are exactly the kinds of details that can come back to haunt a migration project.
That’s why a few security questions deserve a place on the whiteboard right alongside your platform comparisons.
While these questions may not generate buzz at the conference, they are exactly what separates the organizations that get breached from the ones that don't.
Choosing the right infrastructure platform is a long-term decision that genuinely deserves the serious evaluation your team is giving it. But it can’t be a phase that arrives too late, or not at all.
NexusTek helps IT and security leaders navigate this challenge so teams can run identity security in parallel with infrastructure modernization.
That means:
It’s plain and simple: the European Commission breach happened because identity controls failed. Not because someone chose the wrong cloud platform. With millions of enterprise workloads in mid-migration right now, organizations are more vulnerable to identity breaches than ever.
With NexusTek, mid-market enterprises navigate private cloud migrations with security built in from the start.
If you’re ready to clean up that whiteboard and open the door to safe migration, let’s talk https://www.nexustek.com/cloud-services
Sources:
1. Infosecurity Magazine, European Commission Confirms Cloud Data Breach, March 2026
2. B2B Cyber Security, Hackers Attack European Commission's Cloud Infrastructure, April 2026
3. Cloud Computing, The cloud security complexity gap just hit the European Commission, and the data suggests it was predictable, April 2026
4. TechTarget, Red Hat OpenShift Virtualization roadmap chases VMware, May 2025
5. TechTarget, Nutanix platform may benefit from VMware customer unrest, May 2025