New Study Reveals Key Challenges in Cloud and SaaS Security
New Study Reveals Key Challenges in Cloud and SaaS Security
News Desk -
Share
New research by Qualys, conducted by Dark Reading, highlights the growing challenges in cloud and SaaS security. The study reveals that security professionals are grappling with complexities in protecting cloud assets, managing risks, and navigating the intricacies of multi-cloud environments.
Cloud adoption is now widespread, with 57% of organizations using two to three cloud providers and 58% deploying at least five SaaS applications across the enterprise. However, this complexity brings significant challenges. 60% of professionals are managing outputs from multiple cloud and SaaS security tools, making the process inefficient and difficult to optimize.
Security teams are also facing several pain points. 54% of respondents cited cost as a major concern, followed by 36% worried about system reliability and performance. Additionally, 27% pointed out the lack of skilled professionals in cloud security as a barrier. The growing threat landscape, including risks like phishing, ransomware, and DDoS attacks, only adds to the pressure.
One of the biggest risks identified is misconfigurations. 24% of cloud professionals and 33% of SaaS professionals flagged this as a top concern, but the actual scope of misconfigurations is believed to be much larger. Despite this, many organizations perform security assessments infrequently—with 18% doing so quarterly for cloud and 11% for SaaS.
The study also highlights the vulnerability patching issue. 39% of enterprises worry about unpatched vulnerabilities in web applications, and 23% are concerned about vulnerabilities in cloud environments. Additionally, almost 1 in 5 organizations face difficulties in applying necessary security updates.
Response times are also a challenge. 49% of respondents cited a shortage of skilled workers, 46% pointed to limited visibility, and another 46% highlighted the complexity of cloud-based incidents as the main reasons for sluggish responses.
According to Shilpa Gite, Senior Manager of Cloud Security Compliance at Qualys, the findings show the difficulties organizations face when applying traditional security methods to dynamic cloud and SaaS environments. She stressed the need for a comprehensive security approach that integrates continuous scanning, automated remediation, and AI-powered threat detection.
To improve cloud and SaaS security, experts recommend continuous monitoring to detect vulnerabilities in real time, using unified security platforms for better visibility and policy enforcement, and strengthening identity and access management (IAM) practices. Automation is also key to improving efficiency and minimizing human error. Investing in AI-driven threat detection will help organizations stay ahead of increasingly sophisticated attacks.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Tahawul Tech
28-05-2025
- Tahawul Tech
The Museum of the Future Archives
Commvault, a global enterprise leader in data management across on-premises, cloud, and SaaS environments, today announces its Connections on the Road event in Dubai will take place at the Museum of the Future on 11 May 2023.
TECHx
28-05-2025
- TECHx
Qualys TotalAI Enhances LLM Security Features
Home » Tech Value Chain » Global Brands » Qualys TotalAI Enhances LLM Security Features Qualys, Inc. (NASDAQ: QLYS) has announced major updates to its Qualys TotalAI solution. The enhancements aim to secure the complete MLOps pipeline, from development to deployment. The company revealed that organizations can now test large language models (LLMs) more rapidly, even during development cycles. These updates bring stronger protection against new threats and introduce on-premises scanning with an internal LLM scanner. As AI adoption accelerates, security remains a critical concern. A recent study reported that 72% of CISOs are worried generative AI could cause breaches. Enterprises need tools that balance innovation with secure implementation. Tyler Shields, principal analyst at Enterprise Strategy Group, emphasized the importance of security. He noted that Qualys TotalAI allows only trusted, vetted models in production, helping organizations manage risk while remaining agile. Qualys TotalAI addresses AI-specific risks. It tests models for jailbreak vulnerabilities, bias, sensitive data leaks, and threats aligned with the OWASP Top 10 for LLMs. The solution goes beyond infrastructure checks and supports operational resilience and brand trust. Key updates include: Automatic risk prioritization: Using MITRE ATLAS and the Qualys TruRisk™ engine, risks are scored and ranked for faster resolution. Secure development integration: On-premises LLM scanning enables in-house testing during CI/CD workflows, improving agility and protection. The platform also detects 40 types of attack scenarios. These include jailbreaks, prompt injections, bias amplification, and multilingual exploits. These scenarios simulate real-world tactics to improve model resilience. Another update is protection from cross-modal exploits. TotalAI can now detect manipulations hidden in images, audio, and video files meant to alter LLM outputs. Sumedh Thakar, president and CEO of Qualys, said the solution offers visibility, intelligence, and automation across AI lifecycles. He added that TotalAI helps companies innovate confidently while staying ahead of emerging threats. Qualys TotalAI is now positioned as one of the most comprehensive AI security solutions available today.
Channel Post MEA
28-05-2025
- Channel Post MEA
Qualys Updates TotalAI Solution
Qualys has announced major updates to its TotalAI solution to secure organizations' complete MLOps pipeline from development to deployment. Organizations will now be able to rapidly test their large language models (LLMs), even during their development testing cycles, with stronger protection against more attacks and on-premises scanning powered by an internal LLM scanner. With the current rush of AI adoption, organizations are moving at an unprecedented pace – often without implementing foundational security controls necessary to manage risk. A recent study revealed 72% of CISOs are concerned generative AI solutions could result in security breaches for their organizations. Enterprises need a better solution to bridge the gap between innovation and secure implementation. As AI becomes a core component of business innovation, security can no longer be an afterthought,' said Tyler Shields, principal analyst at Enterprise Strategy Group. 'Qualys TotalAI ensures that only trusted, vetted models are deployed into production, enabling both agility and assurance across organizations' AI usage. This security helps organizations achieve their innovation goals while managing their risk.' Qualys TotalAI is purpose-built for the unique realities of AI risk, going beyond basic infrastructure assessments to directly test models for jailbreak vulnerabilities, bias, sensitive information exposure, and critical risks mapped to the OWASP Top 10 for LLMs. Taking a risk-led approach, TotalAI not only finds AI-specific exposures — it helps teams resolve them faster, protect operational resilience, and maintain brand trust. TotalAI delivers: Automatic Prioritization of AI Security Risks : Findings are mapped to real-world adversarial tactics with MITRE ATLAS and automatically prioritized through the Qualys TruRisk scoring engine, helping security, IT, and MLOps teams zero in on the most business-critical risks. : Findings are mapped to real-world adversarial tactics with MITRE ATLAS and automatically prioritized through the Qualys TruRisk scoring engine, helping security, IT, and MLOps teams zero in on the most business-critical risks. Faster, Safer AI Application Development: With the new internal on-premises LLM scanner, organization can now incorporate comprehensive security testing of their LLM models during development, staging, and deployment – all without ever exposing models externally. This shift-left approach, incorporating security and testing of AI-powered applications into existing CI/CD workflows, strengthens both agility and security posture, while ensuring sensitive models remain protected behind corporate firewalls. With the new internal on-premises LLM scanner, organization can now incorporate comprehensive security testing of their LLM models during development, staging, and deployment – all without ever exposing models externally. This shift-left approach, incorporating security and testing of AI-powered applications into existing CI/CD workflows, strengthens both agility and security posture, while ensuring sensitive models remain protected behind corporate firewalls. Enhanced Defense Against Emerging AI Threats: TotalAI now expands to detect 40 different attack scenarios, including advanced jailbreak techniques, prompt injections and manipulations, multilingual exploits, and bias amplification. The expanded scenarios simulate real-world adversarial tactics and strengthen model resilience against exploitation, preventing attackers from manipulating outputs or bypassing safeguards. TotalAI now expands to detect 40 different attack scenarios, including advanced jailbreak techniques, prompt injections and manipulations, multilingual exploits, and bias amplification. The expanded scenarios simulate real-world adversarial tactics and strengthen model resilience against exploitation, preventing attackers from manipulating outputs or bypassing safeguards. Protection from Cross-modal Exploits with Multimodal Threat Coverage: TotalAI's enhanced multimodal detection identifies prompts or perturbations hidden inside images, audio, and video files that are designed to manipulate LLM outputs, helping organizations safeguard against cross-modal exploits. 'AI is reshaping how businesses operate, but with that innovation comes new and complex risks,' said Sumedh Thakar, president and CEO of Qualys. 'TotalAI delivers the visibility, intelligence, and automation required to stay agile and secure, protecting AI workloads at every stage — from development through deployment. We are proud to lead the way with the industry's most comprehensive solution, helping businesses innovate with confidence, while staying ahead of emerging AI threats.' 0 0
