Explore the 2025 Cloud Security Study with new insights on the latest cloud security trends and challenges
Cloud-based services have become a common and critical part of enterprise infrastructure, but organizations still struggle to secure them. This latest edition of the Thales Cloud Security Study examines organizations’ challenges, successes and strategic plans related to their cloud-based infrastructure and services. While most enterprises have integrated cloud resources into their operations, many need to improve their ability to secure these environments and the data they contain. Despite cloud security’s status as respondents’ top security spending priority, most organizations require significant advancement in their cloud security posture and operations. The rapid push to support AI initiatives, which are often heavily cloud-dependent, further intensifies the urgency, as effective and efficient data protections are required to deliver on the promise of AI.
Conducted by
Sponsored by
Download the full report and read more about
Securing a Hybrid and Multicloud World
Key Findings
Cloud Remains at the Forefront of Security Considerations
64% of all enterprises regard cloud security as a pressing security discipline.
52% indicated that AI security spending is eating into or taking over existing security budgets.
54% of data in the cloud is sensitive, up from 47% last year.
Only 8% of respondents encrypt 80% or more of their cloud data.
Attacks Target Cloud Resources
54% cited an increase in direct attacks to compromise infrastructure.
The Liability that is the Human in the Loop
68% cited credential and stolen secrets as the fastest-growing cloud infrastructure attack tactics.
Complexity is the Enemy of Cloud Security
85 The average number of SaaS applications in use, a 6% increase.
2.1 The average number of public cloud providers used by enterprises.
55% report that securing cloud environments is more complex than securing on-premises venues, up from 51% last year.
57% are using five or more key management systems, up from 53% last year.
Digital Sovereignty in a Hybrid World
42% cite encryption and key management as sufficient to achieve sovereignty objectives regardless of data’s physical location.
33% regard future-proofing portability for workloads and data as primary drivers for digital sovereignty initiatives.