Cloud safety is at a tipping level. Whereas shifting to the cloud powers each development and pace for organizations, it might probably additionally deliver new dangers. In line with IDC’s newest analysis, organizations skilled a median of 9 cloud safety incidents in 2024, with 89% reporting a year-over-year improve. That’s not a typo. And it’s not only a statistic—it’s a wake-up name. As cyberthreats develop extra refined and cloud environments extra advanced, safety leaders should rethink their methods to remain forward of risk actors.
However what truly wants to vary? And what must you be doing about it? Learn IDC’s newest analysis, The Subsequent Period of Cloud Safety: Cloud-Native Utility Safety Platform and Past, to dive deep into the way forward for cloud safety—and what it means for chief data safety officers (CISOs), safety architects, and product leaders.
5 IDC insights into the evolving cloud safety panorama
1. One platform is quietly changing into a prime funding
IDC analysis discovered that cloud-native utility safety platforms (CNAPPs) are actually one of many prime three safety investments for 2025. Why? As a result of they’re fixing issues that legacy instruments can’t, defending cloud-native purposes all through their lifecycle—additional reinforcing the significance of ecosystems, consolidation, and extra.
2. The position of the CISO is evolving to align safety with enterprise priorities
In 37% of organizations, CISOs now have possession over cloud safety administration. IDC calls them “3D CISOs.” They don’t simply handle threat—they drive enterprise outcomes and digital innovation. These leaders are reshaping how safety is embedded throughout the group, from DevOps pipelines to boardroom conversations. IDC’s whitepaper particulars the expanded and evolving position of CISOs and their affect on bettering the general safety posture of organizations.
3. Software sprawl will increase prices and introduces vulnerabilities
Organizations are grappling with instrument sprawl, utilizing a median of 10 cloud safety instruments and infrequently including extra every year. This complexity—pushed by fragmented platforms, regulatory necessities, and integration challenges—creates blind spots and slows response instances. However stopping the sprawl isn’t straightforward. It requires a deliberate strategy, anchored in a unified safety platform that simplifies operations and strengthens safety. IDC analysis underscores this, highlighting how higher visibility and gear consolidation drive measurable good points in effectivity and price administration.
4. Generative AI is already altering the sport
Overlook the hype. Generative AI is delivering actual worth for cloud safety—from automated risk detection to sooner incident response, and extra. IDC’s information reveals how safety groups are utilizing generative AI, together with the way it can improve the capabilities of safety analysts and permit them to concentrate on extra advanced duties.
5. The longer term is built-in and autonomous
Safety leaders are shifting towards unified safety operations (SecOps) platforms that mix cloud-native safety, risk intelligence, and AI-powered automation. Some are exploring the brand new frontier of agentic AI—autonomous techniques that may detect, isolate, and remediate recognized cyberthreats with out human intervention. The IDC whitepaper explores what this future seems like—and the way shut we actually are.
Why mitigating safety threat issues now greater than ever
Cloud safety is a crucial enterprise crucial. As IDC places it, “Safety threat is enterprise threat.” The choices you make at this time will form your group’s resilience, agility, and skill to innovate tomorrow. Whether or not you’re a CISO or a cloud architect, this analysis presents a roadmap for navigating what’s subsequent. It’s not nearly shopping for new instruments. It’s about constructing a better, extra unified strategy to cloud safety.
Able to see what’s inside?
71% of organizations surveyed consider that over the following two years, it might be helpful for his or her group to spend money on a unified SecOps platform that features applied sciences corresponding to prolonged detection and response (XDR), endpoint detection and response (EDR), safety data and occasion administration (SIEM), CNAPP and cloud safety, generative AI, and risk intelligence. However that’s simpler mentioned than executed. And on this submit, we’ve solely scratched the floor. The complete IDC research covers:
- The evolving position of CNAPP in cloud safety.
- How CISOs are aligning safety with enterprise targets.
- The affect of generative AI and agentic AI on safety operations heart (SOC) operations.
- Methods for lowering instrument sprawl and bettering visibility.
- Steerage for integrating CNAPP with XDR, SIEM, and managed providers.
Innovate sooner with Microsoft
Microsoft’s built-in CNAPP, powered by industry-leading generative AI and risk intelligence, unifies safety throughout your complete utility lifecycle. With complete visibility, real-time cloud detection and response, and proactive threat prioritization, it protects your trendy cloud and AI purposes from code to runtime.
Microsoft empowers your safety groups to determine, prioritize, and mitigate dangers early, adhere to compliance and regulatory necessities, stop cloud breaches, and keep forward of rising cloud and AI cyberthreats. Innovate securely, shortly, and confidently, throughout hybrid and multicloud environments.
Study extra
Learn IDC’s full whitepaper, The Subsequent Period of Cloud Safety: Cloud-Native Utility Safety Platform and Past.
Study our new e-book: The 5 generative AI safety threats it is advisable to know.
Signal as much as learn the quick-start e-book to Executing cloud-native utility safety platform (CNAPP) technique.
Study extra about Microsoft Defender for Cloud.
To be taught extra about Microsoft Safety options, go to our web site. Bookmark the Safety weblog to maintain up with our knowledgeable protection on safety issues. Additionally, comply with us on LinkedIn (Microsoft Safety) and X (@MSFTSecurity) for the most recent information and updates on cybersecurity.
