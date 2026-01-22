Tool sprawl and visibility gaps are blocking companies from good security postures, report says

Around two in three agree they would prefer a unified security platform

Consolidation and automation are two of Fortinet's five recommendations

A new Fortinet report has confirmed cloud is now considered mission-critical for most businesses, underpinning many operations and their AI strategies - but it also comes with its downsides.

For example, cloud has massively expanded the attack surface beyond the scope of legacy cybersecurity tools.

As a result, more than two-thirds (69%) now blame tool sprawl and visibility gaps for creating cloud security barriers, and a similar number (66%) also admit they're not strongly confident in their ability to detect and respond to cloud threats in real-time, which marks an increase compared to the same data from one year ago.

Further amplifying the increased attack surface, 88% of organizations use hybrid or multi-cloud environments, and 81% use two or more providers which only adds to the complexity and risk.

As for the current state of cloud-focused security, automation mostly serves as an alerting tool with only 11% having autonomous remediation. Three in five (59%) companies rate their maturity as 'early stage', with some of the biggest risks identified across identity and access (77%), misconfigurations (70%) and data exposure (66%).

Clearly money isn't the issue, because more than half (62%) expect cloud security budgets to increase compared with just 5% who expect it to decrease. In fact, a not-so-insignificant 34% of IT security budgets are allocated to cloud security on average.

What Fortinet calls for is the simplification of tools – 64% agree they would prefer a unified security platform, rather than stitching together multiple tools.

Looking ahead, Fortinet offers five key principles to improve the state of multi-cloud security: establishing unified visibility across all accounts, data stores and workloads; tool consolidation; connecting multiple risk domains rather than treating each element in isolation; adding a layer of automation to resolve low-risk, high-volume issues; and extending security beyond cloud to networks, SaaS and endpoints.

