A Lack of Spending Isn’t the Problem With Cloud Security, Structural Complexity Is
None
<p><span data-contrast="none">Organizations may have ramped up spending on cybersecurity but that hasn’t done much to keep defenders at least on pace with an attack surface that is growing like a weed—fueled in part by AI cloud adoption—and <a href="https://securityboulevard.com/2026/01/international-threats-themes-for-regional-phishing-campaigns/" target="_blank" rel="noopener">threats that are becoming ever more sophisticated</a>.</span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">Two-thirds of organizations don’t have strong confidence that they can ferret out cloud threats and respond to them in real time, according to the newly released 2026 Cloud Security Report from Fortinet. It seems that bad actors are ahead of the game when it comes to using automation to their benefit, putting human defenders at a definite disadvantage.</span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">Cloud environments are creating a complex landscape for security teams, and AI is having a significant impact on how they are managed. The report found that 88% of organizations now operate hybrid/multi-cloud environments, a tick up from the 82% reported last year. And for nearly as many, 81%, multiple providers handle critical workloads.</span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">“As multi-cloud and hybrid infrastructure continue to become the standard, the need for visibility, security, and performance across environments will only grow,” says Sysdig CFO Walker.</span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">The findings highlight “a critical ‘complexity gap’ where non-human identities are multiplying and “excessive permissions and stolen credentials create shadow access paths” across fragmented environments,” says Jason Soroko, senior fellow at Sectigo.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">And in keeping with an overall trend — 74% say they do not have enough qualified cybersecurity professionals on board to meet their challenges. That is particularly worrisome since 59% are early on in cloud maturity. </span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">That leaves security teams facing “two realities that hit hardest in the effort to be cyber-resilient, as AI adoption increases,” says Agnidipta Sarkar, chief evangelist at ColorTokens, with the first being “that talent shortages will continue to haunt us, and the second is that attackers will bypass defenses.”</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">The report “captures a reality” that Diana Kelley, CISO at Noma Security, says she sees “every day” and “consistently hear(s) from practitioner peers.”</span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">Security teams are suffering from tool sprawl and visibility gaps (70%), typical hurdles for most defenders. </span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">“Cloud adoption across IaaS, PaaS, and SaaS has become increasingly fragmented, and many teams are trying to manage that complexity by adding more tools to the stack,” says Kelley. </span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">“The report shows that approach is failing,” she says, which “matters because as AI adoption accelerates, attackers are operating at machine speed, using automation to outpace defenders who are still constrained by siloed controls and incomplete context.”</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">Ram Varadarajan, CEO at Acalvio, agrees, “Defenders are expending finite resources against adversaries whose AI automation is driving attack costs toward zero, a gap that’s not going to be closed by adding more disconnected defensive security tools.”</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">“No one questions what tools were adopted as AI adoption increases,” says Sarkar. “But as the report highlights, after the initial chaos, questions will focus on why we have fragmented defenses, and yet so many security tools, without a focus on being ready for the next breach.”</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">Cloud security challenges today are no longer about a lack of investment. “They are driven by structural complexity,” says Shane Barney, CISO at Keeper Security. “Organizations are spending more on cybersecurity, but fragmented tools, multi-cloud sprawl and persistent skills shortages are preventing that investment from translating into stronger protection.”</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">That might explain, then, why 64% of those surveyed would select a single-vendor security platform if they had to do it all again, rather than point solutions, indicating a shift to ecosystem-thinking. </span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/01/a-lack-of-spending-isnt-the-problem-with-cloud-security-structural-complexity-is/" data-a2a-title="A Lack of Spending Isn’t the Problem With Cloud Security, Structural Complexity Is "><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F01%2Fa-lack-of-spending-isnt-the-problem-with-cloud-security-structural-complexity-is%2F&linkname=A%20Lack%20of%20Spending%C2%A0Isn%E2%80%99t%C2%A0the%20Problem%20With%20Cloud%20Security%2C%20Structural%20Complexity%20Is%C2%A0" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F01%2Fa-lack-of-spending-isnt-the-problem-with-cloud-security-structural-complexity-is%2F&linkname=A%20Lack%20of%20Spending%C2%A0Isn%E2%80%99t%C2%A0the%20Problem%20With%20Cloud%20Security%2C%20Structural%20Complexity%20Is%C2%A0" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F01%2Fa-lack-of-spending-isnt-the-problem-with-cloud-security-structural-complexity-is%2F&linkname=A%20Lack%20of%20Spending%C2%A0Isn%E2%80%99t%C2%A0the%20Problem%20With%20Cloud%20Security%2C%20Structural%20Complexity%20Is%C2%A0" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F01%2Fa-lack-of-spending-isnt-the-problem-with-cloud-security-structural-complexity-is%2F&linkname=A%20Lack%20of%20Spending%C2%A0Isn%E2%80%99t%C2%A0the%20Problem%20With%20Cloud%20Security%2C%20Structural%20Complexity%20Is%C2%A0" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F01%2Fa-lack-of-spending-isnt-the-problem-with-cloud-security-structural-complexity-is%2F&linkname=A%20Lack%20of%20Spending%C2%A0Isn%E2%80%99t%C2%A0the%20Problem%20With%20Cloud%20Security%2C%20Structural%20Complexity%20Is%C2%A0" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>