Source: eugenesergeev/iStock/Getty images
A recent study conducted by 451 Research, a part of S&P Global Market Intelligence, examines the growth plans around cloud-specific security technologies such as cloud-native application protection platforms, expands on the key pain points experienced in securing the cloud and looks at features driving SaaS security platforms. It also explores the current combination of means by which organizational practitioners are securing their cloud workload footprints and examines the growth and mix of security technologies offered in cloud marketplaces.
The Take
On March 18 2025, Google announced the signing of a definitive agreement to acquire cloud security platform provider Wiz for $32 billion, the largest cybersecurity acquisition thus far. This follows a prior failed offer of $23 billion. The size of the deal and multiple on revenue have intensified focus on the cloud-native application protection platform (CNAPP) product space, bringing Google in competition with a host of hyperscaler-independent providers and more directly with Microsoft’s emerging Defender for Cloud. CNAPP can be a confusing product category, with several approaches in play, but most offerings contain integrated elements of cloud security posture management and cloud workload protection, sometimes accompanied by cloud infrastructure entitlement management (CIEM) and application security elements. Wiz is not purely CNAPP — it also has application security offerings under Wiz Code as well as cloud detection and response capabilities — but multicloud security is a leading market need driving this purchase.
Seventeen percent of respondents in this survey note that managing the proprietary stack across multiple cloud providers is a challenge, and another 17% cite a lack of effective tools to manage security across multiple clouds — a particular issue since multicloud has become the norm at organizations of scale. These conditions drive the adoption of CNAPP, which is in use by 23% of surveyed organizations, with projected short-term growth of an additional 28%. Just more than a third (35%) have longer-term plans to implement CNAPP.
Summary of findings
Loss of control of sensitive data leads the list of cloud-security-specific pain points in respondent citations at 21%, followed closely by compliance-related issues. Managing identities and permissions remains a challenge with 20% noting it as a key pain point. CIEM solutions, now implemented at 26% of surveyed organizations, are designed to address this problem. Challenges associated with multicloud — which for most large organizations means a primary cloud as well as a secondary and tertiary cloud — have given rise to the CNAPP product category, which is intended to manage cloud security concerns across multiple clouds. This need is reflected in the 17% of respondents who cite a lack of effective security tools for managing security across clouds, and the 17% who note complexity in leveraging the proprietary security stack at each cloud provider. Users reports that only around 47% of current cloud security tooling works across multiple clouds.
Most cloud security architectures are composed of three parts: the security tooling included as part of the default cloud offerings, security tools offered by the cloud provider at an additional cost and the third-party security product and services market for the cloud. Today, 63% are leveraging default tools, 56% pay the cloud provider for additional security tools, and 49% leverage the third-party security product market. When asked to project this composition forward into the next year, 46% plan additional spending with their cloud provider on premium security offerings and 40% plan additional spending on third-party security tools for the cloud. On average, about a third (33%) of overall security budgets are applied to securing cloud footprints.
Nearly half (47%) of organizations are still placing limitations on what can be hosted in the cloud, limiting usage to lower-risk applications. Two-fifths (42%) have no such restrictions; for them, the cloud is an appropriate hosting venue for any application independent of risk level or mission criticality to the business. Less than a tenth (8%) do not have any policy in place regarding what can be cloud hosted. Three-fifths (60%) of organizations surveyed expect that the first sign of trouble in case of a cloud data breach would be an alarm raised by the security monitoring infrastructure in place. A third (33%) believe their cloud provider would tell them, reflecting a lower maturity level negotiating the shared responsibility model present in cloud services. Just 5% believe they would find out from a credit card processor or law enforcement.
The Security Talent Gap is More Complicated Than You Think
Cloud marketplaces have evolved from a way for security vendors to offer cloud-specific offerings for a specific cloud provider toward a full-fledged procurement channel. This is largely because procurement has become easier, especially for organizations environments with otherwise rigid vendor processes, with features such as private offers, consolidated billing, having total spend count toward cloud service agreements and the ability to test solutions. Secure VPN (36%) is the most cited security technology procured via a cloud marketplace, followed by data security (35%) and endpoint security including EDR (28%).
Multi-factor authentication (MFA) is the most cited feature that would influence the purchase of security tooling designed to protect SaaS applications. In SaaS security posture management (SSPM) platforms, that often takes the form of integrations with an identity provider that provide visibility into MFA enrollment or authentication issues. The related issue of single sign-on is the third most cited feature. Data loss prevention comes in second, which, depending on the provider, may be part of SSPM architecture or an adjacent complementary offering, as SSPM concerns itself with detecting misconfigurations and monitoring user activity or configuration changes.
With a few well–publicized breaches or outages in recent years — including SolarWinds, Okta and CrowdStrike, where the proximate cause was related to the use of an information security tool — this survey sought to understand whether such events affect security practitioners’ use of those tools. More than a quarter (28%) say an event like that at scale would make them “very likely” to reconsider use of the tool, with an additional 51% “somewhat likely” to reconsider. In practical terms, dependence or lock-in, available market alternatives, and how the security product vendor responds to the breach or outage all play a role in whether such consideration manifests in actual tool replacement.
Want insights on Infosec trends delivered to your inbox? Join the 451 Alliance.
