The fourth annual State of Cloud-Native Security Report from Palo Alto Networks shows organizations face significant challenges such as overwhelming complexity, rising data breaches, and the threat of AI-powered attacks and AI-introduced vulnerabilities in code.
The security landscape for the enterprise continues to become more challenging, especially now that the cloud is the dominant attack surface, with 80% of medium, high and critical exposures found in cloud-hosted assets.
At the same time, security teams face unprecedented complexity with their toolsets, environments and threats, and while AI offers a solution to these challenges, it is also a threat, as bad actors leverage it to mount ever more sophisticated attacks.
The fourth annual State of Cloud-Native Security Report from Palo Alto Networks delves into these issues, revealing a landscape where traditional security approaches are straining under the weight of rapid technological evolution.
Organizations are managing a complex array of interconnected environments: an average of 16 cloud security tools across 12 different cloud service providers spanning SaaS, IaaS, and PaaS platforms. But this sprawling as-a-service infrastructure represents only about half of their total cloud workloads, with the remainder distributed across private clouds and on-premises systems.
The complexity is so overwhelming that 98% of respondents consider it a priority to reduce their security tool count, while 54% identify cloud environment fragmentation as a major security challenge.
Meanwhile, cloud security incidents are on the rise. Data breaches, which increased for 64% of organizations, were the most frequently reported incident type. That shouldn’t be a surprise, given that 50% of respondents are conducting manual reviews to identify and classify sensitive data in the cloud, a time-consuming and error-prone method that leaves organizations vulnerable.
In addition, compliance violations affected 48% of organizations, while 45% experienced operational downtime due to misconfigurations. Advanced persistent threats, which can remain undetected for extended periods, increased for 45% of respondents, highlighting gaps in detection capabilities despite organizations reporting no unusual challenges with incident response.
The upward trend in incidents underscores the need for strict access controls and adherence to the principle of least privilege to safeguard systems and sensitive data.
Security processes are a significant source of friction between DevOps and SecOps teams: 84% say these processes delay project timelines and 83% view them as a burden. Even more worrisome:
- 92% agree that conflicting priorities for DevOps and cloud SecOps hinders efficient development and deployment
- 71% say that rushed deployments have introduced security vulnerabilities
- Nine in 10 respondents say that security teams need more automation for risk prioritization, which would help alleviate some of these security burdens at sites across all cloud accounts and services
The rapid pace of AI adoption has outpaced security preparations. All survey respondents said that they are using AI in application development. However, this enthusiasm comes with significant concerns: Nearly half (44%) worry about security risks from AI-generated code and 38% consider AI-powered attacks a top security threat.
Also, organizations predict AI will enable more sophisticated supply chain attacks (47%), personalized phishing campaigns (45%), and exploitation of AI system vulnerabilities (44%).
Enterprises are seeking solutions through consolidation and automation. There’s strong demand for centralized security platforms that provide comprehensive visibility across all cloud accounts and services (94%), along with better integration between cloud, application, and network security (93%). The emphasis on ease of use reflects the urgent need for security tools that enhance rather than hinder productivity.
To address these security challenges, organizations need to prioritize a centralized management platform that can evolve as IT continues its journey to cloud maturity. AI must be securely adopted, and data discovery and classification should be automated. Enterprises should also review DevOps workflows to identify when security becomes a bottleneck.
Ultimately, a secure-by-design approach will likely be required to accelerate secure development.
Download the full report for a more detailed dive into the survey, its findings and recommendations.
