Hybrid and multi-cloud setups now dominate enterprise operations, with 88% of organizations spanning such environments, up from 82% a year earlier, according to Fortinet’s 2026 State of Cloud Security Report. This shift, driven by business expansion and modernization, has amplified attack surfaces through proliferating configurations, permissions, non-human identities, and data flows across providers. Yet, security teams grapple with a deepening divide—what the report terms a “complexity gap”—between the rapid evolution of these environments and their capacity for real-time visibility, detection, and response.

The survey of 1,163 cybersecurity professionals worldwide reveals budgets are rising—62% expect increases, with 35% of total security spend already cloud-focused—but maturity lags. “There is a structural mismatch between the velocity of modern cloud environments and security teams’ ability to maintain consistent visibility, detection, and response in real time,” the report states. Three core factors fuel this: fragmented tools, AI-accelerated threats, and talent shortages.

Almost 70% of respondents identify tool sprawl and visibility gaps as the primary barriers to effective cloud security, forcing manual correlation of alerts across incompatible systems, as detailed in Fortinet Blog.

Fragmented Tools Amplify Blind Spots

Disconnected security solutions proliferate without coordination, yielding inconsistent controls and end-to-end blind spots. Nearly 70% of organizations cite this as the top hindrance, per the Fortinet report. “Cybersecurity teams are forced to manually correlate alerts from multiple systems that were not designed to work together,” it notes. Adoption of tools like Cloud Security Posture Management (67%) and Cloud-Native Application Protection Platforms (62%) is rising, yet integration friction persists.

81% rely on two or more cloud providers, up from 78%, with 29% using over three, expanding the sprawl. Top vulnerabilities include identity and access management flaws (77%), misconfigurations (70%), and data exposure (66%), per analysis in WebProNews. This fragmentation slows responses, with only 11% achieving autonomous remediation.

64% would rebuild strategies around single-vendor platforms uniting network, cloud, and application security to cut friction and boost visibility, the report finds.

Attackers Leverage AI at Machine Speed

Threat actors wield automation and AI to scan misconfigurations, map permissions, and expose data faster than human defenses react. “Threat actors are employing automation and AI to uncover misconfigurations, map permission paths, and identify exposed data faster than human-led defenses can respond,” states the Fortinet report. 66% lack strong confidence in real-time cloud threat detection—a 16-point drop from prior years.

Defenders lag: 32% limit AI to pilots, 18% have full operational AI detection. “The velocity of AI adoption is fundamentally changing how cloud environments are managed and expanding the attack surface at a speed that outpaces traditional security models,” says Vincent Hwang, Fortinet’s vice president of cloud security, in MSSP Alert. Attackers face no such constraints, compressing exposure-to-exploitation timelines.

59% rate cloud security maturity at early stages, per Security Brief.

Talent Shortages Stretch Teams Thin

74% report active shortages of qualified professionals, 77% worry about industry-wide gaps, hitting cloud roles spanning infrastructure, identity, data, and apps hardest. 76% face expertise voids in cloud-specific skills. This leaves teams overwhelmed, missing signals amid sprawl.

“Organizations need to adopt a security platform approach that integrates across its solutions and more broadly with a large third-party ecosystem,” Hwang told MSSP Alert. “Doing so can help strained security operations teams find and resolve risks and threats faster by increasing the signal-to-noise ratio.” Platforms like Fortinet’s Security Fabric address this, though “real-world friction” from licenses and rip-and-replace fears slows shifts.

An open approach allows gradual consolidation, he adds.

MSSPs Emerge as Force Multipliers

Managed security service providers can guide platform adoption, deliver missing services, and counter AI threats. “MSSPs can help close this [complexity] gap by guiding customers on implementing platform architectures,” Hwang said. Flexible models like Fortinet’s ForiFlex enable scaling without upfront risk: “Post-paid consumption models reduce upfront investment and financial risk, making it easier to launch new offerings.”

Fortinet’s recent FortiCNAPP enhancements unify cloud posture, identity, vulnerabilities, data security posture management, network enforcement, and runtime validation. “By unifying network enforcement, data sensitivity, and runtime validation within FortiCNAPP, we’re enabling customers to move from alert overload to clear, prioritized action,” says Nirav Shah, Fortinet senior vice president of products, in the Fortinet press release.

“FortiCNAPP gives us visibility across identities, workloads, and vulnerabilities… like a continuous auditor,” notes Huy Ly, head of global IT security at Monolithic Power Systems.

Platform Principles Chart the Path Forward

Fortinet outlines five principles: unified visibility across accounts and workloads; tool rationalization; linking risk domains; automating low-risk resolutions; extending to networks, SaaS, endpoints. Global cybersecurity platform market eyes $55 billion by 2033 from $28 billion last year.

61% cite security/compliance as top cloud barriers. As AI pursuits intensify, resilient foundations are vital. “For organizations pursuing AI strategies, this becomes even more important to ensure a secure foundation,” the report urges. Recent X discussions, like from @ExpComputer, flag the report’s warnings on widening gaps.

Enterprises must prioritize consolidation, upskilling, and integrated ecosystems to bridge the divide, lest AI-armed foes exploit the fractures.