Cloud security has never been more critical, or more complex. As businesses push further into hybrid and multi-cloud environments, they’re reaping the benefits of flexibility and scalability, but also encountering a new set of security headaches.

From misconfigurations to compliance hurdles and a widening skills gap, IT leaders are grappling with security risks that are growing harder to manage, making visibility and control more elusive than ever.

The 2025 State of Cloud Security Report from Fortinet, based on insights from 873 cybersecurity professionals, captures the pulse of these challenges, revealing just how prepared (or unprepared) organizations feel when it comes to protecting cloud assets.

The data shows a clear shift: companies are investing more in security, adopting new tools, and doubling down on automation, yet confidence in real-time threat detection remains worryingly low.

Hybrid and Multi-Cloud Strategies

Hybrid and multi-cloud adoption has moved from a trend to the norm. The report finds that 54% of organizations have adopted a hybrid cloud strategy, integrating on-premises systems with public cloud environments for greater flexibility and control.

At the same time, 78% of organizations use two or more cloud providers, underscoring the growing reliance on multi-cloud strategies to enhance resilience and leverage specialized capabilities. While these approaches offer operational benefits, they also introduce significant security concerns.

The fragmented nature of multi-cloud environments means security teams must navigate multiple platforms, each with its own security configurations, monitoring tools, and compliance requirements.

58% of organizations cite difficulties in ensuring data protection and privacy for each cloud environment, while 55% report struggling with visibility and control in multi-cloud environments, challenges that significantly increase the risk of misconfigurations, one of the leading causes of cloud data breaches.

Organizations that lack a centralized security strategy find themselves vulnerable to gaps in monitoring, inconsistent policy enforcement, and delays in threat detection.

2025 State of Cloud Security Report – Fortinet

Compliance and Skills Gap Concerns

61% of organizations cite security and regulatory compliance as their top concern, up from last year’s findings. Stricter data protection laws and industry regulations have made security misconfigurations a critical risk, particularly in hybrid and multi-cloud settings.

Compounding the issue is the persistent shortage of cybersecurity talent. 76% of organizations report a lack of cloud security expertise, making it difficult to deploy, manage, and monitor cloud security frameworks effectively.

This skills gap has driven increased investment in automation and security training initiatives.

Without sufficient expertise, organizations risk misconfigurations, weak access controls, and delayed threat response times, issues that attackers increasingly exploit. Addressing this challenge requires not only new technology but also a greater focus on workforce development.

2025 State of Cloud Security Report – Fortinet

Real-Time Threat Detection Gaps

Despite significant investments in cloud security tools, many organizations still lack confidence in their ability to detect and respond to threats in real time.

According to the report, 64% of security professionals feel unprepared to handle real-time cloud threats, highlighting a critical gap in proactive security measures. The complexity of multi-cloud environments makes it harder to detect anomalies and correlate security incidents across different platforms. Misconfigurations, insufficient monitoring, and a lack of unified security visibility exacerbate these risks.

To counteract these challenges, organizations are increasingly turning to Cloud Security Posture Management and Cloud-Native Application Protection Platforms, with 67% and 62% adoption rates, respectively.

These tools help identify misconfigurations, enforce security policies, and improve visibility across cloud assets, enhancing an organization’s ability to detect and mitigate threats faster.

2025 State of Cloud Security Report – Fortinet

Investment in Unified Security Platforms

One of the most striking findings from the report is the overwhelming preference for unified cloud security platforms.

97% of respondents agree that having a centralized dashboard for managing security policies across all cloud environments would significantly improve security outcomes.

This preference reflects the challenges of managing fragmented security solutions across different cloud providers. A unified platform simplifies security policy enforcement, ensures consistency, and provides a comprehensive view of potential vulnerabilities.

Additionally, cloud security budgets are on the rise, with 63% of organizations planning to increase spending on cloud security in the next 12 months. These investments signal a growing recognition that cloud security is not just a technical necessity but a business imperative.

2025 State of Cloud Security Report – Fortinet

The Wrap

The 2025 State of Cloud Security Report from Fortinet makes clear that as organizations push further into hybrid and multi-cloud environments, security risks are becoming harder to manage.

Gaps in visibility, compliance struggles, and a persistent skills shortage leave critical assets exposed, with many security teams lacking confidence in real-time threat detection. The overwhelming demand for unified security platforms reflects an industry-wide push to simplify cloud security, improve visibility, and reduce misconfiguration.

Automation alone won’t solve these challenges, closing the expertise gap and embedding security into cloud architecture from the start will be just as critical. Organizations that embrace a security-first approach, prioritize resilience over convenience, and invest in the right tools and talent will be the ones best equipped to navigate the complexities ahead.