Public clouds now form the bulk of enterprise IT environments. According to 2024 Statista data, 73% of enterprises use a hybrid cloud model, 14% use multiple public clouds and 10% use a single public cloud solution. Multiple and single private clouds make up the remaining 3%.

With enterprises historically reticent to adopt public clouds, adoption data seems to indicate a shift in perception. Perhaps enterprise efforts have finally moved away from reducing risk to prioritizing the potential rewards of public cloud resources.

Reality, however, isn’t so cut-and-dry. Here’s a look at the current state of public perception, where enterprises still encounter cloud issues and how familiar concerns have a new focus: AI.

Public perception on cloud computing

Cloud computing has always had a perception problem. From the perspective of enterprise C-suites and IT teams, public clouds meant bigger attack surfaces combined with lower visibility, giving attackers the upper hand.

Meanwhile, from the perspective of consumers — which all C-suite and IT team members become on their days off — the cloud came with massive potential. From file and photo storage to streaming video services and worldwide e-commerce, the public cloud quickly became commonplace in public life.

So why the disconnect? In large part, enterprises were concerned about the man behind the curtain. While many providers were long on promises, they were short on details. The result was a “shared responsibility” model that saw both customer and provider playing a role in data defense, but neither one was entirely clear on what that role entailed. This was exemplified by a Capital One data breach in 2019, which saw both the bank and its cloud partner, AWS, under scrutiny for their security.

To help address these concerns, cloud providers doubled down on security. In 2021, Amazon, Google, IBM and Apple pledged $30 billion to help address growing security concerns. It worked: In 2024, 94% of businesses reported improvement in security after moving to the cloud. Or consider the results of Flexera’s State of the Cloud Report: In 2020, security was the top concern among executives. In 2024, security has fallen to second place.

The data tells the tale: Enterprise public cloud perception is changing.

Slowly.

Strengthen your cloud defenses

Ongoing cloud challenges

While cloud providers have made significant strides in addressing security concerns, other issues remain.

For example, the top challenge in Flexera’s 2024 State of the Cloud Report is managing cloud spend, cited by 82% of enterprises, while lack of resources and expertise comes in third with 79%.

When it comes to cloud spending, there’s no easy answer. In fact, ease is sometimes the issue. As providers streamline the process of purchasing, deploying and integrating cloud-based applications and services, it’s easy for enterprises to lose track of exactly what they have, exactly where it is and exactly how much it costs.

It’s no surprise that spending shows up twice on the Flexera report: Once in the top spot for cloud spend at large and again in fourth place as companies struggle to manage software licenses across multiple clouds and applications.

Lack of resources and expertise, meanwhile, remains a persistent challenge for enterprises. According to research from Software One, 95% of businesses now face a cloud and IT skills gap. While upskilling current staff can help reduce the impact of this gap, the expansion of public cloud environments creates the longer term problem of doing more work with fewer people. While it’s possible to task IT teams with handling the public cloud in addition to other line-of-business objectives, the results can lead back to the original concern with cloud deployments: Reduced security.

What’s old is new again

Even as enterprises come to terms with the necessity and ubiquity of the cloud, a new challenge has emerged: AI.

Much like the public cloud, artificial intelligence has the potential to change the way enterprises do business. But it also opens new avenues for security compromise, leading many companies to remain cautious of AI adoption.

In some cases, this means limiting the scope of AI in enterprise environments. For example, organizations might leverage AI in process automation but shy away from using generative tools for content creation or sales efforts. They might deploy AI solutions to analyze disparate data but only trust humans to turn output into action.

The result is a perceptive landscape that is both similar and distinct from its cloud predecessor. Consider recent data from Gartner, which found that the top concern cities by companies in Q2 2024 were AI-enhanced malicious attacks. This aligns with historic worries about the public cloud as a path to compromise — if attackers could access shared resources, they could potentially cause inter-departmental chaos.

AI, however, comes with a unique concern: Evolution. While cloud-based threats made use of expanded attack surfaces, they remained fundamentally the same as their previous-generation counterparts: If tools didn’t work, it was back to the drawing board for malicious actors.

In the case of AI, meanwhile, code isn’t static. Instead, both failure and success inform the next iteration of ransomware tools or Malware-as-a-Service offerings. This ongoing improvement is similarly present on the protective side of AI adoption, but in both cases — attack and defense — the approach to AI is naturally different than that of the cloud.

The reality of cloud security

Cloud security has evolved from nebulous assurance to core component of public offerings. The results speak for themselves: More enterprises are adopting the public cloud, more enterprises are reporting improved security and fewer companies are citing security as their to-cloud challenge.

AI, meanwhile, has stepped up to take on the role of top security concern. In much the same way as cloud computing, some concerns around AI security are overblown — as the market diversifies and standardization becomes critical, companies can expect common security issues to be effectively resolved.

Where AI and cloud go their separate ways, however, is in the evolution of future threats. While cloud frameworks have changed to meet new corporate needs, they remain fundamentally bound by basic infrastructure. AI has no such limits, making it harder to predict the course of its development over time.

The reality? Cloud perception has shifted to reward. The rise of AI, however, now underpins a renewed focus on enterprise cybersecurity risk.

More from Cloud Security

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2 min read - For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last year.However, according to the most recent Cloud Threat Landscape Report released by IBM’s X-Force team, the near-term threat of an AI-generated attack targeting cloud computing…

Cloud threat report: Possible trend in cloud credential “oversaturation”

3 min read - For years now, the dark web has built and maintained its own evolving economy, supported by the acquisition and sales of stolen data, user login credentials and business IP. But much like any market today, the dark web economy is subject to supply and demand.A recent X-Force Cloud Threat Landscape Report has shed light on this fact, revealing a new trend in the average prices for stolen cloud access credentials. Since 2022, there has been a steady decrease in market…

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today