Sysdig’s 2025 Cloud-Native Security and Usage Report identifies promising trends in how organizations are developing, using, and maintaining everything within their cloud environments. The eighth annual report shares the results of an analysis of millions of containers and cloud accounts. This year’s findings reveal several key areas that have improved, including cloud threat detection and response, AI security, and vulnerability management.
For enterprises developing cloud-native applications, this report will serve as a benchmark and a roadmap to further improve organizational security processes. For all of the progress made toward cloud security maturity, Sysdig’s 2025 report finds ample opportunity for improvement.
Continue reading to see where your organization may fall short. Download the full report to learn more.
AI adoption skyrocketed – and did so more securely
Last year, we reported cautious adoption of AI, with relatively low numbers. In this year’s report, that went out the window. We saw 500% growth in the number of workloads running AI or ML packages this year. The number of GenAI packages, specifically, more than doubled from 15% to 36%. Fortunately, organizations appear to be prioritizing the security of AI alongside this rapid implementation. We found that the percentage of workloads containing AI publicly exposed to the internet fell by 38% in just eight months. We also found a negligible number of critical and high vulnerabilities at runtime on those workloads. AI security is being taken very seriously and it shows — well done!
Under the harsh reality of identity management, there’s a silver lining
We looked beyond excessive permissions this year, realizing that for some, it is a known and accepted risk that supports expedited business operations (however, it is still very much a risk, given that nearly 40% of breaches start with credential exploitation). Instead, we chose to look at how many accounts exist in a cloud environment to see identity management from another perspective. The data says that there is a 40,000x difference, on average, between the number of human users and service accounts connected to a cloud service provider. Even adjusted for outliers with poor service account provisioning and organizations using Azure, whose user counts are skewed, service accounts still outnumber human users. This is a cause for concern, given that service accounts are 7.5x riskier than human users. On the other hand, the report found indications that organizations are doing a better job configuring human user accounts. The report includes additional indications of maturity within identity management, too. Read the section titled “Manage humans, machines, and every identity in between” to learn more!
A proper defense takes (only a little) time
When it comes to securing your cloud, there’s always too much to do and not enough time to do it. Industry reports and security research show that threat actors are automating attacks, dwell time is decreasing, and new CVEs are being exploited within hours. In October 2023, the Sysdig Threat Research Team (TRT) even concluded that cloud attacks can unfold in 10 minutes or less. Needless to say, security teams are under immense pressure to keep their organizations safe. With all of that in mind, this year’s report analyzed defenders’ ability to outpace attackers and found that real-time detection alerts are received in less than 5 seconds, incident investigations can be completed in less than 4 minutes, and — of course — response actions can be automated. With the right tools and processes in place, mature security teams can have a leg up on attackers.
Secure clouds start with secure containers
Most modern cloud-native environments heavily rely on containerized workloads, making container security hygiene critical. For the second year in a row, we’ve found that organizations are clearly prioritizing vulnerability management. Enterprises across the spectrum have reduced the percentage of critical and high vulnerabilities at runtime to less than 6%. Container lifespan optimization also continues to trend, but bear in mind that attackers can move quickly, and short container lifespans require continuous monitoring. Unfortunately, package maintenance seems to have fallen by the wayside over the last year and image bloat has quintupled, a possible side effect of the AI boom.
Conclusion
Our takeaways from this year’s report give us ample reasons to be hopeful about the state of cloud security going into 2025. Organizations are properly prioritizing vulnerabilities, securing workloads using AI, and increasingly automating incident response. There is still work to be done in identity management, but there are some signs of increasing maturity. Since the dawn of cybersecurity, defenders have felt two steps behind threat actors — this year, we seem to be keeping pace. My two cents? Continue to adapt, never let your guard down, and stay focused on securing every second.
Want to learn more? Download the full Sysdig 2025 Cloud-Native Security and Usage Report.