While artificial intelligence (AI) garners outsized attention of late, organizations of all sizes continue investing in a wide range of cloud computing services and technologies to build out their infrastructure and support numerous initiatives.
For example, recent Gartner research finds that spending on sovereign cloud infrastructure as a service (IaaS) – virtualized computing, storage and networking resources that are physically and legally bound within a specific country or territorial jurisdiction – is expected to reach $80 billion in 2026 as businesses and government agencies seek out alternative services and providers during a time of increasing geopolitical uncertainty.
Sovereign cloud IaaS is merely one area of the cloud computing business that continues to grow.
These cloud technologies must also be secured from various cyber threats. Businesses and government agencies often struggle to ensure visibility, detection and response to attacks and breaches that can target cloud applications and services.
Research from security firm Fortinet finds that the three largest obstacles organizations face in cloud security are fragmented defenses, cybersecurity teams stretched too thin, and threat actors using AI tools to their advantage.
That survey, based on responses from more than 1,600 cybersecurity professionals and leaders, found that 74 percent of respondents report an active shortage of qualified cybersecurity professionals and another 59 percent remain locked in the early stages of cloud security maturity.
“This shortage amplifies the fragmentation problem. Disconnected tools generate a volume of alerts that exceed the capacity of understaffed teams. Analysts are forced to expend critical hours manually correlating data across consoles – time that should be spent on higher-value analysis,” according to the Fortinet report. “Policies drift – requiring tuning across multiple platforms – and the operational burden grows while the workforce remains stagnant.”
Cybersecurity experts also see that as cloud adoption accelerates – especially as these platforms and services support AI tools – IaaS and SaaS applications grow more vulnerable to attacks. In turn, the need for cybersecurity professionals who understand these issues increases.
“Cloud adoption across IaaS, PaaS and SaaS has become increasingly fragmented, and many teams are trying to manage that complexity by adding more tools to the stack. This approach is failing,” Diana Kelley, CISO of Noma Security, recently told Dice. “This matters because, as AI adoption accelerates, attackers are operating at machine speed, using automation to outpace defenders who are still constrained by siloed controls and incomplete context.”
The ongoing adoption of cloud technologies, the security challenges that come with these investments and the need for talent are significant issues that will confront organizations this year. Cybersecurity professionals with the right skill sets are well positioned for career opportunities.
What Cybersecurity Issues Affect Cloud Services?
As cloud environments expand across multiple service providers, the number of identities, configurations and data paths is growing rapidly. Attackers, in turn, are taking advantage of this complexity by using automation and AI, moving faster than traditional, alert-driven security operations can respond, said Shane Barney, CISO at Keeper Security.
Complicating this picture is the fact that AI workloads depend on dynamic access to sensitive data, service accounts and APIs, which significantly increases the impact of misconfigurations or overprivileged access within these cloud environments.
Without strong identity governance and consistent least-privilege enforcement, AI can amplify risk instead of enabling innovation, Barney added.
“Cloud security can no longer depend on assumptions about time, visibility or manual response. AI-enabled privileged access management is critical to limiting the blast radius when an attack occurs. Security teams need to treat non-human identities and automation with the same rigor as human administrators, enforce least privilege by default and monitor behavior, not just permissions,” Barney told Dice. “As attackers automate their own decision-making, defenders need the same ability to understand actions and intent immediately, not just record activity for later review … In a cloud environment where attackers can reason and act in minutes, any standing privilege is an open invitation.”
The ongoing adoption of cloud computing technologies and platforms means that organizations need to focus on leveraging modern tools that offer comprehensive analytics capable of processing large volumes of data to identify and prioritize security risks and vulnerabilities.
These changes require businesses and government organizations to invest more in policy-based automation and security orchestration tools that allow their security teams to respond to threats quickly and at scale. It is crucial for cybersecurity professionals who are protecting cloud services to continually update their education and skill sets to keep up with these challenges, said Amit Zimerman, co-founder and chief product officer at Oasis Security.
“For example, offering specialized cloud security training and certifications, such as Amazon Web Services, Microsoft Azure or Google Cloud security credentials, can help fill any expertise gaps,” Zimerman told Dice. “Investing in hands-on, scenario-based training can ensure teams are equipped to handle real-world security incidents efficiently.”
The Fortinet research makes clear that many organizations still struggle with developing a comprehensive cloud security strategy. Specifically, 7 in 10 respondents noted that tool sprawl and visibility gaps are their top barriers to effective cloud security.
This is why Nicole Carignan, senior vice president for security and AI strategy at security firm Darktrace, believes that organizations need cyber professionals skilled in cloud and AI to create effective defenses.
“Faced with limited resources, organizations need to ensure their technology is helping to augment the expertise and skills that they do have. Organizations should seek integrated solutions purpose-built for cloud data rather than trying to retrofit on-prem tools,” Carignan, who is also the field CISO at Darktrace, told Dice. “With the right implementation, AI can significantly enhance visibility and threat detection across multi-cloud, hybrid and on-premise environments. AI-powered agentless cloud solutions can reduce the complexity and costs associated with installing and maintaining agents on cloud resources. They reduce the performance impact on cloud workloads and can streamline security deployment across large, dynamic environments.”
How Can Cyber Professionals Increase Cloud Security Skills?
While hiring across the entire tech sector has slowed over the last two years, with layoffs increasing and fewer open positions, cloud security remains one area that offers multiple opportunities for cyber professionals. A report by the National Cybersecurity Alliance found that cloud security engineer is a sought-after role in the field, along with penetration tester and cybersecurity consultant.
Along with AI and zero trust, cloud security is an area that requires constant education for cybersecurity professionals to stay on top of developments and trends in the field, said Piyush Pandey, CEO of Pathlock.
“The skills to recognize and effectively manage this shift are beginning to emerge. To stay ahead of the rapidly evolving cybersecurity landscape, continuously learn and adapt to innovations like AI. Flexibility is your key to tackling the challenges of the field and building a successful career in cybersecurity,” Pandey told Dice.
Jason Soroko, a senior fellow at Sectigo, believes that cyber pros interested in cloud security must study how operating systems work. At the same time, focusing on networking helps form a foundation for understanding and mitigating security threats as well as providing insights into how threat actors think.
Strong communication skills are as vital as technical skills for pros who aspire to rise to management positions. The ability to explain complex technical issues to nontechnical stakeholders is invaluable. Problem-solving and critical-thinking skills are crucial for identifying and addressing security challenges effectively.
“Emerging areas like cloud security, along with high-demand sectors such as healthcare and financial services, offer numerous opportunities. Joining professional associations like ISC2 and ISACA and continuously learning through industry news, webinars and conferences will help keep your skills up to date and expand your professional network. By focusing on these areas, you can build a robust career,” Soroko told Dice.