09-04-2025
New Study Reveals Key Challenges in Cloud and SaaS Security
New Study Reveals Key Challenges in Cloud and SaaS Security
News Desk -
Share
New research by Qualys, conducted by Dark Reading, highlights the growing challenges in cloud and SaaS security. The study reveals that security professionals are grappling with complexities in protecting cloud assets, managing risks, and navigating the intricacies of multi-cloud environments.
Cloud adoption is now widespread, with 57% of organizations using two to three cloud providers and 58% deploying at least five SaaS applications across the enterprise. However, this complexity brings significant challenges. 60% of professionals are managing outputs from multiple cloud and SaaS security tools, making the process inefficient and difficult to optimize.
Security teams are also facing several pain points. 54% of respondents cited cost as a major concern, followed by 36% worried about system reliability and performance. Additionally, 27% pointed out the lack of skilled professionals in cloud security as a barrier. The growing threat landscape, including risks like phishing, ransomware, and DDoS attacks, only adds to the pressure.
One of the biggest risks identified is misconfigurations. 24% of cloud professionals and 33% of SaaS professionals flagged this as a top concern, but the actual scope of misconfigurations is believed to be much larger. Despite this, many organizations perform security assessments infrequently—with 18% doing so quarterly for cloud and 11% for SaaS.
The study also highlights the vulnerability patching issue. 39% of enterprises worry about unpatched vulnerabilities in web applications, and 23% are concerned about vulnerabilities in cloud environments. Additionally, almost 1 in 5 organizations face difficulties in applying necessary security updates.
Response times are also a challenge. 49% of respondents cited a shortage of skilled workers, 46% pointed to limited visibility, and another 46% highlighted the complexity of cloud-based incidents as the main reasons for sluggish responses.
According to Shilpa Gite, Senior Manager of Cloud Security Compliance at Qualys, the findings show the difficulties organizations face when applying traditional security methods to dynamic cloud and SaaS environments. She stressed the need for a comprehensive security approach that integrates continuous scanning, automated remediation, and AI-powered threat detection.
To improve cloud and SaaS security, experts recommend continuous monitoring to detect vulnerabilities in real time, using unified security platforms for better visibility and policy enforcement, and strengthening identity and access management (IAM) practices. Automation is also key to improving efficiency and minimizing human error. Investing in AI-driven threat detection will help organizations stay ahead of increasingly sophisticated attacks.
