行业研究公司研究宏观策略财报招股书会议纪要稀土低空经济 DeepSeek AIGC 智能驾驶大模型

2025年云与AI安全状况调查报告

信息技术2025-11-01云安全联盟&Tenable大***

AI智能总结

核心观点与关键数据

混合云与多云架构主导：82% 的组织采用混合云架构，63% 使用多个云提供商。安全工具需实现跨云和本地环境的统一监控和风险优先级排序。
身份风险突出但管理不足：59% 的组织认为身份风险是云基础设施的首要风险，但许多依赖基本控制措施，缺乏深度治理。三大身份风险：过度权限（31%）、访问控制不一致（27%）、身份卫生薄弱（27%）。
专业知识差距导致领导层协调挑战：34% 的组织认为缺乏专业知识是最大的云安全挑战。这影响领导层协调、战略制定和资源分配。31% 的受访者认为高管对云安全风险的理解不足。
衡量事故而非预防：43% 的组织跟踪安全事件频率和严重性，而较少关注风险降低和弹性指标。平均 2.17 次云相关事故，但仅 8% 被评为“严重”。
AI 采用加速，安全准备不足：55% 的组织使用 AI 应用于业务需求，34% 已经历 AI 相关事故。常见 AI 事故原因：软件漏洞（21%）、AI 模型缺陷（19%）、内部威胁（18%）。但组织更担心 AI 特有风险，如模型操纵（18%）和未经授权的 AI 模型使用（15%）。
安全策略需要重置：许多高管仍认为云提供商工具“足够好”或云提供商应负责安全。20% 的组织优先考虑统一风险评估，仅 13% 关注工具整合。

研究结论

组织需从反应式转向主动式、基于风险的策略。
关键行动包括：跨混合云环境实现统一可见性和控制、成熟身份治理、扩展 KPI 以反映预防和弹性、提升领导层对运营现实的理解、将合规性作为 AI 安全的起点而非终点。
成功的关键在于建立结构以理解、优先处理和降低风险，而非事故发生后再应对。

© 2025 Cloud Security Alliance – All Rights Reserved. You may download, store, display on yourcomputer, view, print, and link to the Cloud Security Alliance at https://cloudsecurityalliance.orgsubject to the following: (a) the draft may be used solely for your personal, informational, non-commercial use; (b) the draft may not be modified or altered in any way; (c) the draft may not beredistributed; and (d) the trademark, copyright or other notices may not be removed. You may quoteportions of the draft as permitted by the Fair Use provisions of the United States Copyright Act,provided that you attribute the portions to the Cloud Security Alliance. Acknowledgments Lead Author Hillary Baron Contributors Marina BregkouJosh BukerRyan GiffordAlex KaluzaJohn Yeoh Graphic Design Claire LehnertStephen Lumpe About the Sponsor Tenable® is the exposure management company, exposing and closing the cybersecurity gaps thaterode business value, reputation, and trust. The company’s AI-powered exposure managementplatform radically unifies security visibility, insight, and action across the attack surface, equippingmodern organizations to protect against attacks, from IT infrastructure to cloud environmentsto critical infrastructure and everywhere in between. By protecting enterprises from securityexposure, Tenable reduces business risk for approximately 44,000 customers around the globe.Learn more at tenable.com. www.tenable.com Table of Contents Acknowledgments...............................................................................................................................3Lead Author...................................................................................................................................3Contributors..................................................................................................................................3Graphic Design..............................................................................................................................3About the Sponsor........................................................................................................................3Executive Summary.............................................................................................................................5Key Findings........................................................................................................................................6Key Finding 1: Hybrid and Multi-Cloud Dominate...........................................................................6Key Finding 2: Identity Has Become the Cloud’s Weakest (and Organizations’ MostWatched) Link................................................................................................................................8Key Finding 3: The Expertise Gap Creates a Leadership Alignment Challenge............................10Key Finding 4: Fighting Fires Instead of Preventing Them–Measuring Breaches, Not Prevention12Key Finding 5: AI Adoption Accelerates While Security Targets the Wrong Risks.......................13Key Finding 6: Time for a Security Strategy Reset.......................................................................16Conclusion.........................................................................................................................................17Full Survey Results.............................................................................................................................18Demographics...................................................................................................................................26Survey Methodology and Creation....................................................................................................27Goals of the Study.......................................................................................................................27 Executive Summary Hybrid and multi-cloud architectures have become the standard for most organizations, with 82%operating hybrid environments and 63% using multiple cloud providers. At the same time, AI adoptionis accelerating, with over half of organizations deploying AI for business needs—and 34% of those withAI workloads already experiencing breaches. Yet security strategies have not kept pace, leaving teamsreactive and fragmented. This survey reveals six critical insights: 1. Hybrid and Multi-Cloud Dominate:Flexible infrastructure demands unifiedsecurity visibility and policy enforcement—still lacking for most. 4. Measuring Breaches, Not Prevention:KPIs remain reactive, focused on incidentsinstead of risk reduction and resilience. 5. AI Adoption Outpaces SecurityReadiness: 2. Identity Risks Lead But RemainUnder-Managed: Organizations prioritize compliance andnovel AI risks over proven cloud and identitycontrols. Identity is now the top risk and breach cause,but many organizations rely on basic controlsand metrics, missing deeper g

点击免费查看完整报告