/vnd/media/agency_attachments/bGjnvN2ncYDdhj74yP9p.png)
/vnd/media/media_files/2025/09/05/728x90-banner-2025-09-05-13-57-21.jpg)
/vnd/media/media_files/tnb2hOEJc0izoflpWQrX.png)
Despite years of industry warnings, many organisations continue to fall short in addressing the fundamental requirements of cloud security, leaving them vulnerable to significant cyber risks. As businesses increasingly adopt complex cloud and hybrid environments, critical issues such as poor identity management and a lack of internal expertise are contributing to widespread security gaps.
These are key findings from the State of Cloud and AI Security 2025 report, commissioned by Tenable in collaboration with the Cloud Security Alliance (CSA). The study surveyed over 1,000 IT and security professionals globally, including respondents from India, to explore how organisations are adapting their risk management strategies in response to increasingly layered cloud and AI-driven infrastructures.
The current IT environment is characterised by growing complexity. According to the report, 82% of organisations now operate in hybrid environments, and 63% use multiple cloud service providers. This fragmentation demands unified visibility and consistent policy enforcement, yet many organisations lack the necessary controls, resulting in blind spots that are easily exploited by attackers.
Identity has emerged as a central challenge in cloud security. While 59% of respondents identify insecure identities and permissions as their most pressing cloud risk, their existing practices often fail to mitigate the issue effectively. Breach data highlights that the most common causes of incidents are linked to identity-related failures, such as excessive permissions (31%), inconsistent access controls (27%), and poor identity hygiene (27%). These are not isolated incidents but indicative of a broader governance failure in managing identity across enterprise systems.
A critical barrier to progress is the ongoing shortage of skilled professionals. Over a third of organisations (34%) cite the lack of expertise as their most significant challenge. This skills gap contributes to unclear cloud security strategies (reported by 39% of respondents) and a misalignment between security teams and executive leadership. Notably, nearly one-third (31%) of participants believe their senior leaders do not fully understand the risks associated with cloud security, hindering effective decision-making and resource allocation.
Liat Hayun, Vice President of Product and Research at Tenable, commented,
"Identity has become the weakest link in cloud security, yet it is often managed through inconsistent controls and excessive permissions. This is not simply a technical lapse, it reflects a systemic failure of governance, made worse by a persistent lack of expertise. Until organisations prioritise basic principles such as unified visibility and robust identity governance, they will remain at risk of being outpaced by attackers."