TL;DR: Australian organisations are spending more on cloud security, with 92% planning budget increases, yet 40% of network traffic still lacks sufficient context and 97% say their detection tools have serious limitations, according to Illumio and the 2025 Global Cloud Detection and Response Report. Context, not tool count, is now the limiting control for containment and response.
NHIMG editorial — based on content published by Illumio: Cyber Resilience Australia’s Cloud Security Paradox: High Confidence, But Almost No Context
By the numbers:
- 92% of organizations plan to increase their cloud security spending this year, signaling a nationwide push to strengthen resilience in the face of growing cloud complexity.
- 40% of network traffic lacks sufficient context.
- 2, 061 alerts per day
Questions worth separating out
Q: How can organisations reduce alert fatigue from cloud security tools?
A: Reduce alert fatigue by filtering findings through runtime evidence, business context, and actual execution paths.
Q: Why does east-west visibility matter for cloud security?
A: East-west visibility matters because attackers often move laterally after initial access using legitimate credentials and approved protocols.
Q: What breaks when cloud traffic lacks context?
A: When cloud traffic lacks context, teams lose the ability to distinguish normal behaviour from malicious movement.
Practitioner guidance
- Map east-west traffic to identity and policy Baseline internal service communications against workload identity, approved destinations, and policy exceptions so analysts can tell routine traffic from suspicious movement.
- Reduce alert volume through correlation Correlate signals across cloud, network, and identity sources before they reach analysts, using shared entity context to suppress duplicates and elevate true attack paths.
- Measure containment by attribution speed Track how long it takes to explain a suspicious flow, identify the actor or workload, and decide whether segmentation or account action is required.
What's in the full article
Illumio's full blog covers the operational detail this post intentionally leaves for the source:
- The survey methodology behind the Australian cloud detection and response findings, including how the metrics were collected and interpreted.
- Per-metric breakdowns of visibility, alert fatigue, and downtime that support executive reporting and internal benchmarking.
- The article's explanation of how Illumio Insights maps traffic to attack paths and containment decisions in hybrid and multi-cloud environments.
- Implementation context for teams evaluating whether their current detection stack can actually reduce blast radius.
👉 Read Illumio's analysis of Australia's cloud security paradox and visibility gaps →
Cloud security paradox in Australia: are controls keeping up?
Explore further
Cloud visibility is now a governance control, not a monitoring feature. The article shows that organisations can spend heavily on cloud security and still lack the context needed to interpret traffic. That means visibility must be treated as an enforcement layer for policy, segmentation, and access review, not just a SOC dashboard. For practitioners, the lesson is that control assurance fails when runtime activity cannot be tied back to identity and intended communication paths.
A question worth separating out:
Q: How do organisations know whether IAM observability is actually working?
A: They should look for measurable reductions in dormant accounts, excessive privileges, unresolved exposure, and time needed to close high-risk findings. If observability only produces more alerts or more reports, it is not improving governance. The right signal is a shrinking identity attack surface and faster, more accurate remediation.
👉 Read our full editorial: Australia’s cloud security paradox shows visibility is lagging