Cloud security tools in 2025: are identity controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9016
Topic starter  

TL;DR: Cloud security tools now span CSPM, DSPM, CWPP, CASB, CIEM, CDR, IAM, API security, and backup layers because multi-cloud sprawl, shared responsibility, and regulatory pressure have outgrown perimeter models, according to Cyera. The real issue is that cloud security has become an identity and entitlement problem, not just a tooling problem.

NHIMG editorial — based on content published by Cyera: Top 10 Cloud Security Tools: Guide (2025 Updated)

By the numbers:

Questions worth separating out

Q: How should security teams choose between CSPM, DSPM, and CIEM?

A: Start with the control gap you need to close.

Q: Why do cloud security tools still fail when organisations have IAM in place?

A: Because IAM implementation is not the same as entitlement hygiene.

Q: How do organisations reduce cloud identity risk without slowing delivery?

A: Tie governance to lifecycle events instead of relying on ad hoc reviews.

Practitioner guidance

  • Inventory non-human identities first: Build a complete register of service accounts, API keys, tokens, and certificates across every cloud account, then reconcile that inventory against owners and business purpose.
  • Prioritise entitlement reduction before tool expansion: Review CIEM findings for unused and excessive permissions, then remove access that is not required for current business tasks.
  • Classify data before tightening controls: Use DSPM to identify where sensitive data lives, then align cloud access policies to the systems that actually store or move that data.

What's in the full article

Cyera's full guide covers the operational detail this post intentionally leaves for the source:

  • Category-by-category evaluation criteria for CSPM, DSPM, CWPP, CASB, CIEM, and CDR
  • Provider-specific examples for AWS, Azure, and Google Cloud security tooling
  • Selection guidance for CNAPP versus best-of-breed deployment models
  • Implementation and pricing considerations for teams planning a rollout

👉 Read Cyera's guide to the top 10 cloud security tools for 2025 →
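
An added example, not part of the original post or Cyera's guide: a minimal sketch of the first two practitioner-guidance steps above, reconciling a non-human identity register against owners and business purpose and listing granted-but-unused permissions as removal candidates. The record layout, identity names, owner names, and the 90-day staleness threshold are assumptions made for illustration.

```python
from datetime import date

# Constructed sample data: every identity, owner and date below is hypothetical.
ACTIVE_OWNERS = {"payments-team", "data-platform"}
TODAY = date(2025, 6, 1)
STALE_AFTER_DAYS = 90  # assumed threshold, not taken from the post

INVENTORY = [
    {"id": "sa-billing-export", "kind": "service_account", "cloud": "aws",
     "owner": "payments-team", "purpose": "nightly invoice export",
     "granted": {"s3:GetObject", "s3:PutObject", "kms:Decrypt", "iam:PassRole"},
     "used": {"s3:GetObject", "s3:PutObject", "kms:Decrypt"},
     "last_used": date(2025, 5, 30)},
    {"id": "key-legacy-etl", "kind": "api_key", "cloud": "gcp",
     "owner": "analytics-contractors", "purpose": "",
     "granted": {"bigquery.tables.getData", "storage.objects.delete"},
     "used": set(), "last_used": date(2024, 11, 2)},
    {"id": "tok-warehouse-loader", "kind": "token", "cloud": "aws",
     "owner": "data-platform", "purpose": "warehouse loader",
     "granted": {"s3:GetObject"}, "used": {"s3:GetObject"},
     "last_used": date(2025, 5, 31)},
]

def reconcile(inventory, active_owners, today, stale_after_days=STALE_AFTER_DAYS):
    """Return {identity id: [findings]} for records that fail reconciliation."""
    report = {}
    for rec in inventory:
        findings = []
        # Owner must exist and still be an active team or person.
        if rec["owner"] not in active_owners:
            findings.append("no_active_owner")
        # Every identity needs a recorded business purpose.
        if not rec["purpose"].strip():
            findings.append("no_business_purpose")
        # Credentials unused for a long time are offboarding candidates.
        if (today - rec["last_used"]).days > stale_after_days:
            findings.append("stale")
        # Granted minus observed use gives the entitlement-reduction list.
        unused = sorted(rec["granted"] - rec["used"])
        if unused:
            findings.append("unused_permissions:" + ",".join(unused))
        if findings:
            report[rec["id"]] = findings
    return report

if __name__ == "__main__":
    for ident, findings in reconcile(INVENTORY, ACTIVE_OWNERS, TODAY).items():
        print(ident, findings)
```

In practice the `used` set would come from access logs or CIEM findings over a fixed observation window, so a permission exercised only quarterly is not removed by mistake.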

(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8472
 

Cloud security tooling has become an identity governance stack in disguise. The article lists many categories, but the practical differentiator is whether a tool can constrain access, not simply detect risk. Once cloud workloads, APIs, and data flow across providers, the decisive control becomes entitlement quality and credential hygiene. Practitioners should read cloud security as IAM and NHI governance with extra telemetry, not as a separate domain.

A few things that frame the scale:

  • 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools, according to Ultimate Guide to NHIs, Key Challenges and Risks.
  • Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.

A question worth separating out:

Q: What should teams do when cloud tools report too many alerts?

A: Use risk ranking, ownership, and data sensitivity to suppress low-value noise. If an alert does not map to a privileged identity, sensitive dataset, or externally reachable control, it should not compete with true escalation paths. Alert volume only becomes useful when it is tied to business impact.

👉 Read our full editorial: Cloud security tools in 2025 expose the identity governance gap
