IT Brief US - Technology news for CIOs & IT decision-makers
United States

Guides

#
artificial intelligence
#
digital transformation
#
disaster recovery
#
hybrid & remote work
#
internet of things

Search

Hybrid cloud security challenges illustration with vulnerable server connections and it professionals
#
Hybrid Cloud
#
Cloud Security
#
Breach Prevention

Cloud security gaps widen as skills & identity risks persist

Yesterday
Author image
By Jed Nykolle Harme, Editor

New research highlights significant gaps in how organisations are handling the fundamentals of cloud security as they expand adoption of complex cloud and hybrid computing environments.

The State of Cloud and AI Security 2025 report, commissioned by Tenable in collaboration with the Cloud Security Alliance, surveyed more than 1,000 IT and security professionals globally, including respondents from the Asia Pacific. The findings reveal that a critical failure to address identity-based threats and a persistent internal skills gap are contributing to considerable cyber exposure risks.

Hybrid and multi-cloud complexity

According to the report, today's IT environment is increasingly complicated. The data shows that 82% of surveyed organisations now operate hybrid environments, and 63% make use of multiple cloud providers. As the use of cloud services continues to expand, organisations are required to achieve unified security visibility and enforce consistent security policies across fragmented platforms.

However, the research found that most organisations currently lack the necessary controls to manage this complexity. This deficiency is leading to blind spots that can be exploited by attackers. The report underscores that, despite identifying cloud security as a priority, organisations are not taking sufficient action to mitigate risks.

Identity emerges as a vulnerability

The research identifies identity management as the central vulnerability in current cloud security practices. A majority of respondents (59%) named insecure identities and permissions as their primary cloud security concern. Yet, data from reported breaches indicates that actions taken are frequently insufficient to address these risks.

The report attributes the leading causes of breaches to failures in identity management, including excessive permissions (31%), inconsistent access controls (27%), and weak identity hygiene (27%). The authors note that these are not isolated technical mistakes, but evidence of a wider systemic breakdown in how organisations govern identity across their enterprises.

Shortage of expertise

Progress toward improved cloud security is further hampered by a persistent shortage of expertise. The study reveals that 34% of organisations view the lack of skilled professionals as their greatest challenge in securing their cloud environments. This deficit in expertise is said to create a ripple effect, resulting in unclear security strategies (noted by 39% of participants) and a disconnect between security teams and organisational leadership.

Nearly one-third of respondents (31%) also stated that their own executives do not have a sufficient understanding of cloud security risks. This lack of awareness at leadership level is seen as an obstacle to gaining the support, budget, and resources necessary to strengthen cyber defences.

Systemic governance concerns

"Identity has become the cloud's weakest link, but it's being managed with inconsistent controls and dangerous permissions. This isn't just a technical oversight; it's a systemic governance failure, compounded by a persistent expertise gap that stalls progress from the server room to the boardroom. Until organisations get back to basics, achieving unified visibility and enforcing rigorous identity governance, they will continue to be outmanoeuvred by attackers," said Liat Hayun, VP of Product and Research at Tenable. 

The findings indicate that organisations are aware of identity-related exposures yet continue to lack the mechanisms and expertise to respond effectively. The report suggests that unless institutions strengthen their fundamentals - unified visibility, enforcement of consistent security controls, and investment in skilled personnel - these gaps will persist.

The study stresses the importance for organisations to review not only their technology but also their governance and skills development, as these are key to closing exposure gaps and improving overall risk management in cloud and hybrid environments.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Cloudhouse launches Alchemy APS to help banks modernise quickly
SentinelOne to acquire Observo AI to boost AI-native security data
TetraLogical launches self-led online courses in digital accessibility
Siemens joins CHERI Alliance to boost cybersecurity in EDA sector
Databricks secures USD $1 billion to boost AI & hits USD $100 billion value

Top stories

JFrog unveils AI Catalogue to enhance secure model governance
Kyndryl & VML partner to boost customer engagement with AI
Spreetail unveils Promise Pro to speed up large item deliveries
Mendix extends Snowflake partnership to boost AI app delivery
Atarim launches InnerCircle AI agents to boost creative projects