New research by Qualys and Dark Reading exposes how complexity, misconfigurations, and talent shortages are putting cloud and SaaS environments at risk
“Traditional security methods can’t keep up with the speed and scale of cloud environments.”
– Shilpa Gite, Qualys
As cloud and SaaS adoption continues to surge, organizations are facing a new generation of security challenges — and many are struggling to keep up. A new study commissioned by cybersecurity leader Qualys and conducted by Dark Reading paints a revealing picture of the modern enterprise’s security posture in the cloud: fragmented tools, misconfigurations, unpatched vulnerabilities, and reactive risk management.
According to the report, nearly 20% of security professionals admit they struggle to apply security patches and updates in cloud and web applications — a vulnerability that leaves businesses exposed to increasingly sophisticated attacks. Even more concerning, a significant number of organizations still rely on infrequent security assessments, with some conducting them only once a year.
The research shows that 57% of companies use multiple cloud providers, while 58% have five or more SaaS applications enterprise-wide. This complexity often forces security teams to juggle data from disparate tools — 60% say they reconcile outputs from two or more platforms — leading to inefficiencies and gaps in visibility.
Despite high adoption, few organizations have made the shift to continuous security monitoring. Instead, many still rely on quarterly or annual assessments that fail to keep up with the rapid pace of cloud changes and updates.
Security professionals are most concerned about costs, system reliability, and limited skilled personnel, with threats ranging from account hijacking and phishing to ransomware and APTs. One of the most persistent problems is misconfiguration, cited as a top concern by 24% of cloud users and 33% of SaaS users.
“The data shows in stark relief the real-world challenges defenders face when it comes to shoehorning traditional security practices into dynamic multi-cloud and SaaS environments,” said Shilpa Gite, Senior Manager, Cloud Security Compliance at Qualys.
A Call for Unified, Automated Security
To combat these challenges, Qualys recommends organizations adopt a comprehensive, unified approach to cloud security that includes:
- Continuous monitoring and assessment to detect real-time threats
- Integrated platforms to consolidate tools and improve visibility
- Strong identity and access management (IAM) practices
- Security automation for patching, configuration management, and incident response
- AI-powered threat detection and response to tackle advanced threats
As organizations continue to migrate workloads and data to the cloud, it’s clear that reactive, siloed security strategies are no longer sufficient. A modern, proactive approach is not just advisable — it’s essential.
