DIGITAL LIFE

Fortinet: the invisible risk of fragmentation in cloud security is real

A new study by Fortinet, released today, reveals that the complexity of modern digital environments constitutes a structural risk to business security. The 2026 Cloud Security Report indicates that 66% of organizations do not trust their ability to detect and respond to cloud threats in real time, an alarming figure in a scenario of accelerated digitization.

Although cloud investment now represents 34% of the total IT security budget, the effectiveness of defenses remains low. Currently, 88% of organizations operate in hybrid or multi-cloud architectures, which expands the attack surface at a rate faster than the management capacity of teams.

Fragmentation is the main obstacle: 69% of cybersecurity leaders identify the proliferation of distinct tools and visibility gaps as the biggest blocks to effective protection. This reality forces 59% of organizations to remain at early levels of security maturity.

Alongside technology, the human factor is a critical vulnerability. The Fortinet 2026 Cloud Security Report highlights that 74% of organizations face a shortage of qualified professionals. Without specialists, teams operate reactively and rely on manual alerts, delaying the response to critical incidents.

Critical cloud security metrics statistical----Statistical data

Lack of confidence in real-time response----66%

Hybrid or multi-cloud environments----88%

Shortage of qualified professionals----74%

Use of 2 or more cloud providers----81%

Preference for a unified security platform----64%

Faced with these challenges, there is a paradigm shift in defense strategy. Approximately 64% of organizations now express a preference for an approach based on a unified security platform, which eliminates fragmentation and allows for cross-functional visibility into critical workloads.

The 2026 Cloud Security Report was developed by Cybersecurity Insiders in collaboration with Fortinet, based on a global survey conducted in late 2025 with 1,163 cybersecurity professionals from various sectors, including financial services, technology, healthcare, and the public sector.

In 2026, fragmentation has emerged as a systemic risk in cloud security, driven by the rapid adoption of multi-cloud architectures, AI workloads, and decentralized identity systems. This "complexity gap" creates invisible vulnerabilities that are often exploited before organizations realize they exist.

The realities of fragmentation in 2026

Identity Sprawl (The "Dark Matter"): Organizations struggle with "orphan" accounts—active but untracked identities belonging to former employees or decommissioned services. Non-human identities (NHIs), such as bots and API agents, are frequently natively ungoverned, forming a shadow layer invisible to traditional security governance.

Tool Fatigue and Silos: Security teams often manage a "mystery basket" of disconnected tools. Adding more point products to a fragmented stack has proven counterproductive, leading to inconsistent controls and operational fatigue where 58% of enterprises find vulnerability detection increasingly difficult despite higher spending.

AI-accelerated risks: The deployment of AI agents in 2026 has amplified fragmentation risks. These agents require dynamic, often over-privileged access to sensitive data across different cloud environments, creating new attack vectors that operate at "machine speed".

Impact on security operations(below)

Operational disconnect: Most cloud security failures in 2026 stem from "coordination breakdowns" rather than technical ignorance. Fragmented stacks often report conflicting data, causing teams to prioritize the wrong risks or overlook actual threats.

Higher breach costs: Cloud-related incidents in 2026 cost nearly 20% more than standard data breaches, with average costs reaching approximately $4.7 million per incident.

Ineffective audits: Static, periodic audits are insufficient for 2026's ephemeral environments. By the time an audit report is generated, the cloud configuration has often already changed, leaving new gaps unaddressed.

Mitigation strategies for 2026:

To bridge the complexity gap, organizations are moving toward integrated, platform-driven strategies:

Platform consolidation: Shifting from siloed point tools to unified security platforms that provide a single source of truth for identity, configuration, and data across all clouds.

Continuous discovery & mapping: Implementing automated tools to constantly map the entire attack surface and identify ephemeral or shadow resources in real-time.

Identity-first security: Prioritizing modern Privileged Access Management (PAM) and Zero Trust architectures to govern both human and non-human identities uniformly.

AI-powered defense: Using AI to sift through fragmented telemetry and autonomously manage micro-segmentation policies to contain threats at the speed they occur.

mundophone