Navigating the Complexity of AI-Driven Cloud Security: Insights from Thales’ 2025 Global Cloud Security Study
As organizations increasingly adopt artificial intelligence (AI) and expand their cloud environments, securing these dynamic infrastructures has become a daunting challenge. Thales, a global leader in technology and cybersecurity, recently released its 2025 Cloud Security Study, conducted by S&P Global Market Intelligence’s 451 Research. The findings reveal that AI-specific security has emerged as a top enterprise priority, ranking second only to cloud security. Over half (52%) of respondents reported reallocating traditional security budgets to focus on AI security, reflecting a significant shift in how organizations are addressing the risks associated with AI adoption.
The study surveyed nearly 3,200 respondents across 20 countries, capturing diverse perspectives on cloud security challenges. It highlights that while cloud remains an essential component of modern enterprise infrastructure, many organizations are still grappling with the skills, strategies, and tools needed to secure it effectively. The complexity of cloud environments, combined with the growing use of AI, is amplifying risks and underscoring the urgent need for robust, adaptable protections.
Cloud Security: A Persistent Challenge
Cloud security remains a top concern for enterprises worldwide, with nearly two-thirds (64%) of respondents ranking it among their top five security priorities. Seventeen percent identified it as their number one priority, underscoring its critical importance. Meanwhile, security for AI—a new addition to this year’s list of spending priorities—ranked second overall, highlighting its growing significance. Despite sustained investments, cloud security remains a complex and persistent challenge that extends beyond technology to encompass staffing, operations, and the evolving threat landscape.
“The accelerating shift to cloud and AI is forcing enterprises to rethink how they manage risk at scale,” said Sebastien Cano, Senior Vice President of Cybersecurity Products at Thales. “With over half of cloud data now classified as sensitive, and yet only a small fraction fully encrypted, it’s clear that security strategies haven’t kept pace with adoption. To remain resilient and competitive, organizations must embed strong data protection into the core of their digital infrastructure.”
Growing Complexity in Multi-Cloud Environments
The average organization now uses 2.1 public cloud providers, often alongside on-premises infrastructure. This hybrid approach adds layers of complexity to security operations. According to the study, 55% of respondents reported that securing cloud environments is more challenging than securing on-premises infrastructure—a 4-percentage-point increase from last year. This complexity is further compounded by the surge in Software-as-a-Service (SaaS) usage, with enterprises now averaging 85 SaaS applications. This proliferation contributes to security tool sprawl, making it harder for teams to maintain consistent policies and visibility across platforms.
The study found that 61% of organizations use five or more tools for data discovery, monitoring, or classification, while 57% rely on five or more encryption key managers. This fragmentation not only complicates security operations but also increases the risk of misconfigurations and vulnerabilities. As organizations grow through mergers, acquisitions, or organic expansion, managing this complexity becomes even more challenging.
Human Error and Access-Based Attacks Remain Top Threats
Cloud infrastructure continues to be a prime target for attackers, with human error remaining a significant vulnerability. According to the study, four of the top five most targeted assets in reported attacks are cloud-based. Access-based attacks, reported by 68% of respondents, highlight growing concerns around stolen credentials and insufficient access controls. Alarmingly, 85% of organizations say at least 40% of their cloud data is sensitive, yet only 66% have implemented multifactor authentication (MFA), leaving critical data exposed.
“Compounding this issue, four of the top five targeted assets in reported attacks are cloud-based,” said Eric Hanselman, Chief Analyst at S&P Global Market Intelligence’s 451 Research. “A rising number of respondents report challenges in securing their cloud assets, an issue that is further amplified by the demands of AI projects that often operate in the cloud and require access to large volumes of sensitive data. Strengthening cloud security and streamlining operations are essential steps toward enhancing overall security effectiveness and resilience.”
Human error—from misconfigurations to poor credential management—remains a leading cause of cloud security incidents. These errors often stem from the lack of expertise and the overwhelming complexity of managing multiple cloud platforms. Organizations must address these gaps by investing in training, automation, and centralized security solutions.
Realigning Budgets for AI and Cloud Security
The study reveals that 52% of organizations are reallocating traditional security budgets to prioritize AI security. This reallocation reflects the growing recognition of AI’s transformative potential—and its associated risks. As AI initiatives drive more sensitive data into cloud environments, the need for robust protections becomes even more pressing. However, many organizations are struggling to balance these priorities with existing security needs.
To address these challenges, organizations must adopt a holistic approach to cloud and AI security. This includes embedding encryption and access controls into the design of cloud environments, leveraging advanced tools for data discovery and classification, and streamlining operations through centralized management platforms. Additionally, fostering collaboration between IT, security, and business teams can help align security strategies with broader organizational goals.
A Call to Action: Strengthening Cloud and AI Security
The findings of Thales’ 2025 Cloud Security Study underscore the urgent need for organizations to strengthen their cloud and AI security strategies. As cloud environments grow more complex and AI adoption accelerates, enterprises must prioritize building the skills, tools, and processes needed to secure these critical assets. By embedding strong data protection into the core of their digital infrastructure, organizations can enhance their resilience and competitiveness in an increasingly cloud-driven world.
In conclusion, the convergence of cloud and AI is reshaping the security landscape, presenting both opportunities and challenges. By addressing the root causes of complexity, tool sprawl, and human error, organizations can better protect their sensitive data and ensure the success of their AI initiatives. As Sebastien Cano aptly noted, “To remain resilient and competitive, organizations must embed strong data protection into the core of their digital infrastructure.” The time to act is now.
About Thales
Thales (Euronext Paris: HO) is a global leader in advanced technologies for the Defence, Aerospace, and Cyber & Digital sectors. Its portfolio of innovative products and services addresses several major challenges: sovereignty, security, sustainability and inclusion.
The Group invests more than €4 billion per year in Research & Development in key areas, particularly for critical environments, such as Artificial Intelligence, cybersecurity, quantum and cloud technologies.
Thales has more than 83,000 employees in 68 countries. In 2024, the Group generated sales of €20.6 billion.
