Why Cloud Security Is Breaking — And How Leaders Can Fix It
60% of respondents reported needing to juggle multiple cloud and SaaS security tools — an effort they admit is often challenging.

[Image source: Krishna Prasad/MITSMR Middle East]
With enterprises rapidly migrating to multi-cloud and SaaS environments, a new study commissioned by Qualys and conducted by Dark Reading reveals a sobering reality: many security teams are buckling under the weight of complexity, risk, and resource constraints.
The report, based on input from a wide spectrum of information security professionals, outlines the acute challenges businesses face in securing their increasingly dynamic and distributed digital environments — from misconfigurations and skill gaps to sluggish response capabilities and fragmented tools.
“The data shows in stark relief the real-world challenges defenders face when it comes to shoehorning traditional security practices and methods — things like managing configs and vulnerabilities, controlling access, and corralling siloed security tools — into the defences of dynamic multi-cloud and multi-SaaS environments,” said Shilpa Gite, Senior Manager, Cloud Security Compliance at Qualys.
Cloud Chaos: Complex, Fragmented, and Hard to Control
The majority of organizations surveyed (57%) now rely on two to three different cloud service providers. Nearly 58% have deployed at least five enterprise-wide SaaS applications. 60% of respondents reported needing to juggle multiple cloud and SaaS security tools — an effort they admit is often “challenging and suboptimal.”
Security Teams Under Stress
With so many moving parts, it’s no surprise that defenders are losing sleep. The top concerns: cost (54%), system reliability and performance (36%), and a shortage of staff with cloud-specific security skills (27%).
Attacks targeting cloud and SaaS environments are relentless, with threats ranging from phishing and account hijacking to ransomware, data exfiltration, and distributed denial-of-service (DDoS) assaults. Still, one issue rises to the top across both domains: misconfigurations. Twenty-four percent flagged misconfigurations as a key concern in cloud environments, and 33% said the same for SaaS. Yet, experts warn that this level of concern may underestimate the actual risk.
A Lack of Visibility — and Urgency
Perhaps most troubling is what the report calls “situational blindness.” Only a minority of organizations conduct ongoing or continuous assessments of their cloud and SaaS ecosystems. Most still assess risk on a quarterly or annual basis — if at all.
In parallel, patching delays and unaddressed vulnerabilities in web apps and cloud systems continue to expose organizations to significant risk. Almost 20% of respondents admitted they struggle to apply security updates in a timely manner.
The result: slow and ineffective incident response. The most cited hurdles? Lack of skilled workers (49%), limited visibility into hosted environments (46%), and the inherent complexity of managing cloud-centric incidents (46%).
A Strategic Path Forward
The findings, while sobering, also offer a path forward. According to Qualys, securing complex cloud and SaaS environments demands a strategic shift away from piecemeal practices and toward comprehensive, unified security approaches.
Key recommendations include:
- Continuous Monitoring and Assessment
Rather than relying on periodic checks, organizations should adopt continuous monitoring to detect and respond to threats in real time. This is especially critical in environments where updates and configuration changes are constant.
- Unified Security Platforms
Streamlining operations through a single, integrated security platform allows for consistent policy enforcement across on-prem, cloud, and SaaS. This not only reduces security gaps but also enhances visibility and operational efficiency.
- Stronger Identity and Access Management (IAM)
With IAM now a linchpin of enterprise security, adopting practices such as multi-factor authentication, least privilege access, and regular access audits is vital to minimizing both insider threats and unauthorized access.
- Security Automation
Automating key processes like patch management, vulnerability scanning, and incident response empowers lean security teams to scale their efforts, reduce human error, and improve time-to-response.
- AI-Driven Threat Detection and Response
As attackers grow more sophisticated, so too must defenders. Investing in AI-powered tools helps organizations detect subtle anomalies, respond faster, and better defend against advanced persistent threats (APTs), ransomware, and other evolving dangers.