{“lastseen”:”2025-11-06T19:15:06″,”description”:”Cloud security is at a tipping point. While moving to the cloud powers both growth and speed for organizations, it can also bring new risks. According to IDC\u2019s latest research, organizations experienced an average of nine cloud security incidents in 2024, with 89% reporting a year-over-year increase. That\u2019s not a typo. And it\u2019s not just a statistic\u2014it\u2019s a wake-up call. As cyberthreats grow more sophisticated and cloud environments more complex, security leaders must rethink their strategies to stay ahead of threat actors.\\n\\nBut what actually needs to change? And what should you be doing about it? Read IDC\u2019s latest research, The Next Era of Cloud Security: Cloud-Native Application Protection Platform and Beyond, to dive deep into the future of cloud security\u2014and what it means for chief information security officers (CISOs), security architects, and product leaders.\\n\\nGet started with Microsoft Defender for Cloud\\n\\n## Five IDC insights into the evolving cloud security landscape\\n\\n### **1\\\\. One platform is quietly becoming a top investment**\\n\\nIDC research found that cloud-native application protection platforms (CNAPPs) are now one of the top three security investments for 2025. Why? Because they\u2019re solving problems that legacy tools can\u2019t, protecting cloud-native applications throughout their lifecycle\u2014further reinforcing the importance of ecosystems, consolidation, and more.\\n\\n### **2\\\\. The role of the CISO is evolving to align security with business priorities**\\n\\nIn 37% of organizations, CISOs now have ownership over cloud security management. IDC calls them \u201c3D CISOs.\u201d They don\u2019t just manage risk\u2014they drive business outcomes and digital innovation. These leaders are reshaping how security is embedded across the organization, from DevOps pipelines to boardroom conversations. IDC\u2019s whitepaper details the expanded and evolving role of CISOs and their impact on improving the overall security posture of organizations. \\n\\n### **3\\\\. Tool sprawl increases costs and introduces vulnerabilities**\\n\\nOrganizations are grappling with tool sprawl, using an average of 10 cloud security tools and often adding more each year. This complexity\u2014driven by fragmented platforms, regulatory requirements, and integration challenges\u2014creates blind spots and slows response times. But stopping the sprawl isn\u2019t easy. It requires a deliberate approach, anchored in a unified security platform that simplifies operations and strengthens protection. IDC research underscores this, highlighting how greater visibility and tool consolidation drive measurable gains in efficiency and cost management.\\n\\n### **4\\\\. Generative AI is already changing the game**\\n\\nForget the hype. Generative AI is delivering real value for cloud security\u2014from automated threat detection to faster incident response, and more. IDC\u2019s data shows how security teams are using generative AI, including how it can enhance the capabilities of security analysts and allow them to focus on more complex tasks.\\n\\n### **5\\\\. The future is integrated and autonomous**\\n\\nSecurity leaders are moving toward unified security operations (SecOps) platforms that combine cloud-native protection, threat intelligence, and AI-powered automation. Some are exploring the new frontier of agentic AI\u2014autonomous systems that can detect, isolate, and remediate known cyberthreats without human intervention. The IDC whitepaper explores what this future looks like\u2014and how close we really are.\\n\\nRead the new IDC whitepaper \\”The Next Era of Cloud Security\\”\\n\\n## Why mitigating security risk matters now more than ever \\n\\nCloud security is a critical business imperative. As IDC puts it, \u201cSecurity risk is business risk.\u201d The decisions you make today will shape your organization\u2019s resilience, agility, and ability to innovate tomorrow. Whether you\u2019re a CISO or a cloud architect, this research offers a roadmap for navigating what\u2019s next. It\u2019s not just about buying new tools. It\u2019s about building a smarter, more unified approach to cloud security.\\n\\n## Ready to see what\u2019s inside?\\n\\n71% of organizations surveyed believe that over the next two years, it would be beneficial for their organization to invest in a unified SecOps platform that includes technologies such as extended detection and response (XDR), endpoint detection and response (EDR), security information and event management (SIEM), CNAPP and cloud security, generative AI, and threat intelligence. But that\u2019s easier said than done. And in this post, we\u2019ve only scratched the surface. The full IDC study covers:\\n\\n * The evolving role of CNAPP in cloud security.\\n * How CISOs are aligning security with business goals.\\n * The impact of generative AI and agentic AI on security operations center (SOC) operations.\\n * Strategies for reducing tool sprawl and improving visibility.\\n * Guidance for integrating CNAPP with XDR, SIEM, and managed services.\\n\\n\\n\\n## Innovate faster with Microsoft\\n\\nMicrosoft\u2019s integrated CNAPP, powered by industry-leading generative AI and threat intelligence, unifies security across the entire application lifecycle. With comprehensive visibility, real-time cloud detection and response, and proactive risk prioritization, it protects your modern cloud and AI applications from code to runtime.\\n\\nMicrosoft empowers your security teams to identify, prioritize, and mitigate risks early, adhere to compliance and regulatory requirements, prevent cloud breaches, and stay ahead of emerging cloud and AI cyberthreats. Innovate securely, quickly, and confidently, across hybrid and multicloud environments. \\n\\n## Learn more\\n\\nRead IDC\u2019s full whitepaper, The Next Era of Cloud Security: Cloud-Native Application Protection Platform and Beyond.\\n\\nLearn about our new e-book: The 5 generative AI security threats you need to know.\\n\\nSign up to read the quick-start e-book to Executing cloud-native application protection platform (CNAPP) strategy.\\n\\nLearn more about Microsoft Defender for Cloud.\\n\\nTo learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.\\n\\nThe post New IDC research highlights a major cloud security shift appeared first on Microsoft Security Blog.”,”published”:”2025-11-06T17:00:00″,”modified”:”2025-11-06T17:00:00″,”type”:”mssecure”,”title”:”New IDC research highlights a major cloud security shift”,”source”:””,”references”:””,”id”:”MSSECURE:53B6C7E52B3DFB7884161179465538A0″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.microsoft.com\/en-us\/security\/blog\/2025\/11\/06\/new-idc-research-highlights-a-major-cloud-security-shift\/”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-11-06T19:15:06″,”description”:”Cloud security is at a tipping point. While moving to the cloud powers both growth and speed for organizations, it can also bring new risks….<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,110,13,33,7,11,5],"class_list":["post-25017","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-mssecure","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n