/vnd/media/agency_attachments/bGjnvN2ncYDdhj74yP9p.png)
/vnd/media/media_files/2025/11/17/cognizant-to-acquire-3cloud1-2025-11-17-18-36-04.jpg)
Fortinet has released The 2026 State of Cloud Security Report, produced by Cybersecurity Insiders and based on a global survey of more than 1,160 cybersecurity leaders and professionals. The report points to a widening “cloud complexity gap”,driven by a growing mismatch between the pace of modern cloud environments and the ability of security teams to maintain consistent real-time visibility, detection, and response.
According to the analysis, this gap has emerged from three interlinked factors: fragmented security systems, workforce constraints, and the increasing speed of cyber threats.
Fragmentation, Skills Shortages and Machine-Speed Threats
The report finds that security tools continue to expand alongside cloud adoption, often without sufficient coordination. This has led to disconnected systems, inconsistent controls, and limited end-to-end visibility. As a result, cybersecurity teams are required to manually correlate alerts from multiple platforms that were not designed to operate together. Nearly 70 per cent of organisations surveyed said that tool sprawl and visibility gaps are among the main barriers to effective cloud security.
At the same time, organisations are facing persistent skills shortages. Many struggle to recruit and retain qualified cybersecurity professionals, placing additional pressure on existing teams. This shortage contributes to slower response times and missed warning signals. The survey shows that 74 per cent of respondents report an active lack of skilled professionals, while 59 per cent remain in the early stages of cloud security maturity.
Threat actors are also operating at increasing speed. The report notes that attackers are using automation and artificial intelligence to identify misconfigurations, trace permission pathways, and locate exposed data more quickly than traditional defences can respond. As the window between vulnerability discovery and exploitation narrows, 66 per cent of respondents said they lack strong confidence in their ability to detect and respond to cloud threats in real time.
The findings highlight that cloud environments are becoming more complex as organisations adopt hybrid and multi-cloud models. These environments typically combine multiple public cloud platforms, on-premises infrastructure, software-as-a-service applications, and distributed users and devices. This layered architecture adds to the challenge of maintaining consistent security controls.
According to the survey, 88 per cent of organisations now operate in hybrid or multi-cloud environments, up from 82 per cent last year. Among them, 81 per cent rely on two or more cloud providers for critical workloads, compared with 78 per cent previously, while 29 per cent use more than three providers.
Towards Integrated Security Frameworks
The report links cloud expansion directly to a growing attack surface. As new providers, services, and users are added, cloud systems generate new configurations, permissions, and data flows. While infrastructure can scale automatically, this growth also increases complexity and reduces transparency. For cybersecurity teams, the main challenge lies in securing an environment that is constantly changing, while maintaining visibility, resilience, and operational efficiency.
In response to these pressures, organisations are reassessing their security strategies. The survey suggests a gradual shift away from isolated, function-specific tools towards more integrated security frameworks. Many organisations are seeking systems that can share data and coordinate controls across network, cloud, and application environments.
If starting afresh, 64 per cent of respondents said they would design their cybersecurity strategy around a single-vendor platform that integrates multiple security functions. Participants cited the burden of managing and integrating tools from different providers as a key concern. The report notes that consolidation is viewed not only as a way to reduce complexity, but also as a means to improve visibility, speed up incident response, and support more proactive risk management.
Overall, the report argues that organisations need to address structural weaknesses in their cloud security operations, including rapid growth, fragmented systems, limited specialist expertise, and the rise of AI-enabled threats. These issues are particularly relevant for companies developing artificial intelligence strategies, which depend on stable and secure digital foundations.
Commenting on the findings, Vishak Raman, Vice President of Sales for India, SAARC, SEA and ANZ at Fortinet, said: “Cloud environments are evolving faster than most security teams can keep up with, especially as AI accelerates both innovation and risk. While attackers are increasingly operating at machine speed, many organisations are still dependent on manual processes and fragmented visibility. Closing this gap requires a more unified approach to cloud security that enables faster insight, coordination, and response.”