While cloud adoption continues to drive digital transformation, the shift to the cloud introduces critical security challenges that organizations must address.
According to Fortinet's 2025 State of Cloud Security report, a global survey of 800 cybersecurity professionals, found the growing reliance on hybrid and multi-cloud environments has become a key trend.
More than three-quarters (78%) of respondents are utilizing two or more cloud providers and 54% have adopted hybrid models integrating on-premises and public cloud infrastructures.
While these strategies offer greater flexibility and control, they also introduce complexities that can challenge security operations.
Regulatory compliance and data protection remain the biggest hurdles to cloud adoption.
Sixty-one percent of organizations identified these concerns as critical, reflecting a heightened focus on safeguarding sensitive information and meeting regulatory requirements in increasingly complex cloud environments.
Despite the rapid growth of cloud adoption, a significant skills gap hampers progress.
Just over three-quarters (76%) of organizations surveyed report a shortage of expertise in cloud security, and they are also struggling with real-time threat detection -- 64% of respondents expressed doubts about their ability to detect and respond to threats effectively.
At the same time, there is a growing demand for unified cloud security platforms featuring centralized dashboards.
The vast majority (97%) of respondents expressed a preference for these tools, which simplify policy configuration, enhance visibility, and ensure consistency across hybrid and multi-cloud environments.
Nicole Carignan, vice president of strategic cyber AI at Darktrace, said visibility is the most important factor in cloud security for organizations to be able to effectively manage IAM and compliance.
"You cannot protect what you cannot see," she explained.
She said AI-driven solutions can provide dynamic visibility into an organization's multi-cloud environments, providing full visibility in real time all the time to enable a cloud-native approach to threat detection and response.
Additionally, AI-driven security solutions can detect vulnerabilities with precision in real time, allowing businesses to respond quickly and prevent disruption to business operations. Identity is not limited to the cloud either.
"It is important to have extended visibility, detection and response across domains to understand the full scope of a potential incident or misuse of identities," Carignan said.
To combat misconfigurations and compliance gaps, organizations are rapidly adopting Cloud Security Posture Management (CSPM) and Cloud-Native Application Protection Platforms (CNAPP).
About two-thirds (67%) are implementing CSPM tools, while 62% are adopting CNAPP solutions to safeguard cloud environments against emerging threats and vulnerabilities.
Rom Carmel, CEO at Apono, said the adoption of cloud created a situation where engineering and operation teams are the ones creating and maintaining infrastructure, and with that, directly affecting the cloud posture constantly.
"Therefore, IT security teams must work closely together with these teams on the engineering side to build processes to enforce security guardrails constantly as part of managing a dynamic environment," he said.
He added as more of the enterprise's assets move to the cloud, he's seeing more attacks leverage misused identities and existing access that those identities have.
"It is challenging more than ever before for security teams to keep a tight grip on who should have what access levels as the business requires to deliver fast," Carmel explained.
He pointed out security teams are struggling to keep leveraging existing tools today.
"I believe we will be seeing a continued dominant trend in cloud IAM security on the rise very soon," he said.
Carignan said that faced with limited resources, organizations must ensure their technology is helping to augment the expertise and skills that they do have.
"Organizations should seek integrated solutions purpose-built for cloud data rather than trying to retrofit on-prem tools," she explained.