Cloud security challenges and priorities for 2025

Cloud security challenges in 2025: Thales (Imperva) analysis

Cloud services have become an integral part of modern enterprise infrastructure, yet their protection remains a significant challenge for organizations worldwide. According to the 2025 Thales Cloud Security Study, cloud security continues to be a top investment priority, despite ongoing efforts to strengthen it. This reflects the growing complexity of hybrid and multicloud environments, which creates additional pressure on security teams.

Key findings from the 2025 Thales Cloud Security Study

The 2025 Thales Cloud Security Study report, which surveyed approximately 3200 respondents from 20 countries, highlights the main trends and problems in cloud security. The study confirms that effective data protection is critically important, especially considering AI initiatives that heavily rely on cloud resources.

Cloud remains at the forefront of security considerations

Cloud security is recognized as the most relevant security discipline, named among the top five by 64% of respondents, with 17% ranking it first. This underscores the persistent difficulties organizations face, not only in protecting cloud environments but also in maintaining a qualified workforce for their effective management.

The increasing volume of sensitive data in the cloud is another significant factor. This year, 54% of data in the cloud is classified as sensitive, compared to 47% last year. Meanwhile, only 8% of respondents encrypt 80% or more of their cloud data. This creates a significant risk, as encryption is a key defense against attacks aimed at stealing credentials.

Complexity is the enemy of cloud security

Most enterprises use multiple IT systems and cloud providers, making infrastructure increasingly hybrid and multicloud. The average number of public cloud providers has grown to 2.1. 55% of respondents believe that protecting cloud environments is more complex than on-premise infrastructure.

The problem is exacerbated by the proliferation of security tools. Nearly two-thirds of respondents (61%) reported using five or more tools to detect, monitor, or classify data. Additionally, 57% of respondents use five or more key management systems for encryption. This excessive number of tools increases the risk of misconfiguration and operational errors.

Attacks target cloud resources

Cloud infrastructure has become a primary target for malicious actors. Four out of the five most frequently attacked entities in the reports are cloud-based. While about half of respondents noted an increase in direct attacks to compromise infrastructure (54%), more than two-thirds reported an increase in access-based attacks using stolen credentials and secrets (68%). This poses a critical risk where access control is the sole data defense.

Human factor as a liability

Human error ranks third among attack concerns. This points to a problem of prioritizing protection, especially in cloud environments. The shortage of skilled personnel and the growing complexity of cloud security operations only worsen this situation. Although external attacks are the primary concern, human error remains the main cause of security breaches.

Digital sovereignty in a hybrid world

The increasing use of the cloud raises concerns about data sovereignty. While one of the benefits of the cloud was that organizations didn't have to worry about location, data sovereignty mandates have turned this into a challenge. Effective data management capabilities are critically important for compliance with digital sovereignty requirements. Data protection based on encryption (42%) is widely regarded as an effective means to mitigate data location concerns.

Progress towards a more secure cloud

The cloud has become a fundamental component of modern enterprise infrastructure, and organizations must effectively secure its use to maintain customer trust and remain competitive. While the use of encryption as a data protection measure is improving, much more needs to be done. A significant portion of unencrypted sensitive data in the cloud represents a manageable risk that organizations must urgently address.

Organizations must also simplify cloud security management by integrating tools and utilizing common platforms. A unified security management system that covers both on-premise and cloud environments reduces the burden on security teams, while facilitating adaptation to changes in workloads or cloud providers, enabling innovation and optimization.

Improving the productivity and effectiveness of security teams is key to reducing human errors, which remain the primary cause of cloud data breaches. By creating a unified security environment, organizations can free up security teams to focus on strategic initiatives, unlocking new business opportunities and leveraging the potential of emerging technologies such as AI.

Download the full version of the 2025 Thales Cloud Security Study

For a personal consultation regarding Thales (Imperva) solutions, please contact Softprom specialists.

Softprom - Value Added Distributor of Thales (Imperva).