ZEST Security’s Cloud Security Predictions for 2025

2025 is here and it’s time to talk predictions. Here are the five top cloud security trends that I predict will shape the year: 

 

1. Risk Resolution will Embrace an IR Mentality

SecOps teams are becoming more involved in vulnerability management and risk resolution as incidents exploiting vulnerabilities known to the organization continue to rise. While security teams today have great visibility into cloud risks, significant delays in remediation give attackers a large window of opportunity. In 2025, I expect that cloud exposure and risk management will increasingly be treated like incident response, with stricter SLAs for addressing critical and high-risk vulnerabilities. Organizations will build resolution plans very similar to IR plans, driven by the fact that most cloud incidents are related to unhandled misconfigurations, cloud application flaws, and permission-related risks. This shift will also be driven by regulations, which currently require critical and high vulnerabilities to be remediated within 15 and 30 days, respectively, according to CISA. I expect these timelines to shorten, and organizations will focus on implementing new processes, automation, and technologies to meet these evolving requirements and build a robust risk resolution plan that embraces an IR mentality.

 

2. Agentic AI will be a Must Have

Advancements in GenAI have resulted in widespread adoption, especially in the field of cybersecurity, where it’s being used to increase efficiency and reduce manual tasks and workload. However, we’ve all experienced limitations with GenAI, especially when applied to more complicated tasks and workflows.

In 2025, Agentic AI will gain traction for solving more complex, multi-step problems. Rather than just automating the monotonous, Agentic AI will tackle challenges that even the largest, most advanced security team cannot. The concept of “what humans can’t fix, AI can” will become a reality, and Agentic AI will truly uplevel security teams. I see it as being especially valuable in remediation and mitigation, helping security teams efficiently find and implement the best solutions for each unique and complex problem.

 

3. Security Tax and Debt will get Your Board’s Attention

As the economy improves and security budgets return to normal, companies will increase investments in cloud security in the new year. Following the implementation of these new investments, companies will become more aware of cloud, application, and infrastructure problems, which will result in a growing backlog of security issues. As a result, security tax and debt will continue to rise. Security tax refers to the ongoing costs of not automating processes, which impact daily operations. Security debt is the backlog of unresolved issues that represent long-term risk. I anticipate that things will get worse before they get better. Automation, Agentic AI, and leaving behind old-school approaches will be key in helping security teams decrease security tax and debt and improve overall efficiency and security.

 

4. CSPs will Continue to Enhance Native Security Capabilities

Cloud Service Providers (CSPs) are shipping enhanced security features, including microsegmentation, monitoring, and permissions management, which are becoming default capabilities. We can expect this to evolve and intensify in the coming year.

As you may know, I’m a strong advocate for proactive security, and I believe that 2025 will see a shift toward risk reduction, rather than just increased risk visibility and prioritization in CSP-native offerings.

During the first days at AWS re:Invent, it was clear that they are making significant progress in this area. AWS is focusing heavily on risk resolution in their roadmap, with new capabilities aimed at supporting both security and DevOps teams. For example, AWS has really improved their virtual network to operate as a logical firewall between applications, APIs, and pods with VPC Lattice. This is a serious tool that can be used to mitigate risks, new vulnerabilities, and AppSec issues.

 

5. Mobilizing Security Controls will Gain More Momentum

Because cloud misconfigurations and other risks known to the organization remain a top initial access vector for incidents, security teams are actively looking for better ways to close the window of opportunity for attackers. Already, and even more so in 2025, I believe that mobilizing existing security controls and services will be a go-to approach for reducing cloud exposure for two main reasons:

  • Remediation takes time. Attackers are exploiting risks faster than security teams can remediate them. According to Mandiant, the average exploit time is now just 5 days, whereas remediation often takes months.
  • Remediation is not always possible. There are many scenarios where remediation is just not possible: perhaps a patch isn’t yet available, or the current infrastructure can’t support an upgrade. This is the case more than half of the time.

Many organizations already recognize that mobilizing existing security controls and cloud-native services is a critical SecOps capability in reducing exposure immediately.

A new category recently introduced by Gartner, known as ASCA (Automated Security Configuration Assessment), focuses on this, noting that proper configuration of security controls reduces risk exposure and helps organizations implement a robust CTEM program.
