Trends, challenges and strategies for cloud cybersecurity

What are the trends, challenges and strategies shaping cloud security? What factors are driving the adoption of hybrid and multi-cloud, what are the changing challenges organizations face, and the steps to take to protect these increasingly dynamic environments?

He State of Cloud Security Report 2025, sponsored by Fortinetthe global cybersecurity leader driving the convergence of networking and security, and produced by Cybersecurity Insidersprovides a comprehensive analysis that answers these questions, based on the responses of more than 800 cybersecurity professionals in various industries and geographies.

Many organizations facing the challenges of cloud adoption recognize the importance of safeguarding their initiatives. As a result, they will significantly increase their cloud security investments over the next year, channeling their resources to address critical security gaps, ensure compliance, and overcome technical complexities.

“Cloud adoption is at the heart of digital transformation, providing organizations with the agility and flexibility they need to remain competitive in a rapidly changing market. Competing in a digital economy requires developing personalized customer experiences, adopting a more prominent work from anywhere (WFA) strategy, streamlining workflows, and optimizing distributed operations for greater efficiency and scalability,” he said. Vince Hwangvice president of Product Marketing Management at Fortinet.

While the power of the cloud certainly allows businesses to quickly adapt to today’s changing demands, it also presents unique challenges that security teams must recognize and manage. These include safeguarding sensitive data, ensuring regulatory compliance, and maintaining visibility and control in increasingly complex hybrid and multi-cloud environments.

Adoption trends: multi-cloud and hybrid environments will continue to dominate

Cloud adoption continues to redefine IT operations, with hybrid and multi-cloud models emerging as the leading strategies for most organizations. According to the report, 82% of organizations surveyed now leverage cloud environments to achieve greater scalability, flexibility and resilience.

To that end, hybrid cloud adoption has increased to 54%, allowing organizations to integrate their on-premises systems with public cloud platforms. This approach enables organizations to optimize the deployment of their applications based on their needs, achieving a balance between control and compliance. For example, IT teams can use public clouds for customer-facing applications while keeping sensitive data secure in their private environments.

Cloud security challenges

While cloud adoption offers substantial benefits, it also brings significant security challenges: 61% of respondents reported that security and compliance concerns are their top barriers to cloud adoption. Misconfigurations, regulatory non-compliance, and data breaches are among the most pressing issues identified, especially as hybrid and multi-cloud environments expand. For example, healthcare providers migrating patient records to the cloud must comply with HIPAA regulations while safeguarding sensitive information.

And the cybersecurity skills gap compounds these challenges. A staggering 76% of organizations report a shortage of cloud security expertise and human resources, limiting their ability to implement and manage comprehensive security solutions. This shortage not only underscores the need for specific training and upskilling to close the gap, but also to rethink cloud deployment strategies to reduce complexity and increase security effectiveness.

This is even more critical when considering another weakness highlighted by the 2025 Cloud Security Report: real-time threat detection. Only 36% of respondents expressed confidence in their organization’s ability to detect and respond to threats in their cloud environments. This lack of trust highlights vulnerabilities in current architectures, especially in complex hybrid and multi-cloud configurations.

Unified cloud security platforms: a key solution

The State of Cloud Security 2025 report emphasizes implementing a unified cloud security platform strategy to address these challenges. An overwhelming 97% of respondents prefer centralized solutions that simplify policy management, improve visibility, and ensure consistent enforcement across diverse environments.

As a result, organizations are urged to invest in acquiring and implementing a platform in the unified cloud. An ideal platform, like the one offered by Fortinet, should offer comprehensive 360-degree defense-in-depth protection and end-to-end visibility to help organizations fully understand their cloud environment, better operate their environment, and increase security effectiveness. , all while reducing complexity.

Additionally, it should offer built-in capabilities such as Cloud Security Posture Management (CSPM), Code Security and Cloud Infrastructure Entitlement Management, such as those provided in Fortinet’s Lacework FortiCNAPP Cloud Native Application Protection Platforms (CNAPP) solution. While traditional standalone CSPM tools can identify misconfigurations such as exposed storage buckets, they lack the ability to actively protect or provide the full visibility and context to amplify weak signals and identify complex threats within the cloud environment.

Increased investment in cloud security

On average, Cloud security currently represents 35% of total IT security spending, reflecting the growing importance of securing hybrid and multi-cloud environments. But now that cloud security is a priority for organizations, 63% plan to increase their budgets in the next 12 months.

Organizations should evaluate their approaches to cloud security investments, particularly those with minimum cloud spend commitment obligations. They should consider flexible everyday licensing programs, such as Fortinet FortiFlex, that offer a broad portfolio of solutions, allowing them to easily deploy what they need, quickly scale up or down as needed, and only pay for actual usage.

Additionally, an ideal program should allow you to reduce cloud spending commitment obligations at the same time.

Building a resilient posture

The report highlights the increasing complexity of today’s hybrid and multi-cloud environments and the urgent need for proactive strategies to address their changing challenges. Critical steps include:

• Adopt unified platforms to simplify policy management and ensure consistency across environments.

• Invest in training to close the cybersecurity skills gap.

• Leverage a cloud-native application protection platform that combines advanced tools such as workload protection, configuration management, runtime defense to protect containers, and integrated solutions, all to improve threat detection and remediation.

• Use end-to-end encryption and automated risk remediation to improve data protection.

Additionally, emerging trends such as the integration of AI-driven threat detection, the rise of edge computing, and the growing emphasis on zero trust architectures will shape the next wave of security solutions. cloud security.