As organisations increasingly migrate to the cloud, the complexity of cloud environments poses significant challenges for cybersecurity. The 2025 Thales Cloud Security Survey found that while 65% of leaders believe the energy transition is progressing at a sufficient pace, the intricacies of cloud security are becoming a pressing concern.
Source: Thales 2025 Cloud Security Study
The study identified that nearly two-thirds of respondents ranked cloud security among their top five security challenges, with 17% considering it their most critical issue.
The complexity arises from several factors. Enterprises now average 2.1 Infrastructure-as-a-Service (IaaS) providers and employ around 85 Software-as-a-Service (SaaS) applications.
Furthermore, 61% of organisations utilise five or more tools for data discovery, and 57% deploy multiple enterprise key management systems. Alarmingly, one in three enterprises use over 500 APIs, creating a sprawling web of interconnected services that increases vulnerability.
Primary reasons why this complexity hampers security efforts:
- Multiple IT venues: With organisations leveraging multiple cloud providers alongside on-premises systems, security teams struggle to translate controls across platforms. Approximately 55% of respondents indicated that cloud security is more complex than on-premises security.
- SaaS application proliferation: The average number of SaaS applications per enterprise complicates the alignment of security products with existing policies, particularly concerning data and identity security.
- Tool sprawl: The extensive use of multiple tools for monitoring and classification can create “islands of management” that heighten the risk of misconfiguration and operational errors. error remains a critical vulnerability as well.
The report highlights that credential theft and stolen secrets attacks are the fastest-growing threats to cloud infrastructure, affecting 68% of organisations. As enterprises host more sensitive data in the cloud—80% report that at least 40% of their cloud data is classified as sensitive—this risk becomes even more pronounced.
Despite these challenges, organisations are taking steps to mitigate risks. A rising number are encrypting sensitive data and implementing “bring-your-own-key” (BYOK) strategies. Additionally, 65% use multi-factor authentication to secure cloud access, although adoption of privileged access management remains relatively low at 38%.
The rapid integration of AI into cloud services is further complicating security. As businesses rush to deploy AI applications, 52% of respondents indicated that AI security spending is straining overall security budgets. This highlights the need for organisations to reassess their resource allocation to maintain robust security postures.
In conclusion, while cloud environments offer significant advantages, they also present new challenges that require strategic responses. Embracing encryption, simplifying security management through integrated tools, and fostering a unified security environment can help organisations navigate this complexity.
With the right approach, enterprises can unlock new opportunities and harness the potential of emerging technologies, ensuring a secure foundation for future innovation.
