Cloud adoption is rapidly on the rise. Gartner estimates that 90% of organizations will adopt hybrid clouds through 2027 [1].  

There are many reasons why organizations are migrating on-premises infrastructure to the cloud. It can increase the speed and scale of computing resources, improve reliability and resilience, and save time by outsourcing the spinning up, patching, and updating of infrastructure.  

However, despite these benefits, it is complex to secure. Public clouds operate with a shared responsibility model, meaning that while the Cloud Service Provider (CSP) maintains the physical infrastructure and services, customer organizations are responsible for their own security and compliance in their cloud deployments.  

This customer responsibility is crucial. Gartner forecasted that through 2025, 99% of cloud security failures would be the customer’s fault [2]. As cloud environments grow, security teams are taking on a greater share of the responsibility to protect these assets.

The many teams involved in cloud security

Several teams work across the cloud, and all of them can contribute to cloud security. For example, basic cyber-hygiene and Identity and Access Management (IAM) should be practiced across teams.  

Not every organization has the same categorization of teams, but some common ones include:

• Security: assessing and mitigating vulnerabilities, risks, and threats. This team must be ready to identify, investigate, respond, and recover from incidents. ‍
• Infrastructure and ITOps: deploying and maintaining resources. Security must be considered across all layers of the cloud, including gateways, identity, encryption, and attack surface. ‍
• Research & development: building cloud-based applications. Security must be baked into code, referenced data, access, APIs, and third-party integrations. ‍
• DevOps: improving the software development process. Security must be applied to code across the development and production stages. ‍
• Compliance: adhering to industry standards and frameworks. Security often comes up in compliance regulations.  ‍
• End users: working in the cloud. Security must be taught through employee training sessions to adopt best practices and increase resistance against threats like phishing or data loss.

Traditionally, many organizations left cloud security to dedicated cloud teams. However, it is becoming more and more common for security teams to take on the responsibilities of securing the cloud. This is also true of organizations undergoing cloud migration and spinning up cloud infrastructure for the first time.

The complexity of cloud security

Most organizations using the cloud today have hybrid and/or multi-cloud deployments. Hybrid deployments combine public and private cloud environments and multi-cloud deployments use a combination of public cloud providers or regions where servers are stored. In fact, Deloitte reports that as many as 85% of businesses, a vast majority, use two or more cloud platforms, and 25% use at least five [3].

While these diverse deployments can boost resiliency, they also complicate security. Multiple environments increase the attack surface and reduce architectural visibility, making misconfigurations, unmanaged access, and inconsistent policies more likely. This complexity creates gaps in security that often require  specialized teams and expert personnel to address.  

Challenges driving security teams’ responsibility

The usual approaches to other types of cybersecurity can’t be applied the exact same way to the cloud. With the inherent dynamism and flexibility of the cloud, the necessary security mindset differs greatly from those for networks or data centers, with which security teams may be more familiar.

For example, IAM is both critical and distinct to cloud computing, and the associated policies, rules, and downstream impacts require intentional care. IAM rules not only govern people, but also non-human entities like service accounts, API keys, and OAuth tokens. These considerations are unique to cloud security, and established teams may need to learn new skills to reduce security gaps in the cloud.

Additionally, there are greater compliance pressures from GDPR, CCPA, and industry-specific regulations. While some companies have dedicated compliance teams, not every organization does and others are not always familiar with working in cloud environments. In these cases, responsibilities may fall to the security team.  

Finally, there has been a rise in sophisticated, cloud-based threats, such as account takeovers and misconfigurations. Preparing, responding to, and recovering from these cloud-specific threats lie with the security team as well.  

Learn more about the top risks and attacks faced in the cloud in the white paper: “Tackling the 11 Biggest Cloud Threats with AI-Powered Defense.”

Solutions empowering security teams

The leading role of security teams in cloud security can put a strain on existing resources as well as exacerbate skills gaps. In response, security teams can turn to AI-powered tools like Darktrace / CLOUD to provide real-time detection and response in cloud environments.  

Darktrace uses multi-layered AI to learn normal ‘patterns of life’ for all users, technologies, and resources across the organization, enabling it to recognize the subtlest anomalies that point to an emerging threat.  

The use of AI allows for automation that reduces manual workloads and saves teams time. The self-learning capabilities also help the human team detect subtle indicators that can be hard to spot amid the immense noise of legitimate, day-to-day digital interactions.

With these, Darktrace can respond to both known and novel threats, helping security teams keep pace with today’s sophisticated threats, even if team members feel less confident in cloud environments.  

Crucially, Darktrace / CLOUD can enable proactive risk management as well. Attack Path Modeling for the cloud identifies exposed assets and highlights internal attack paths to give a dynamic view of the riskiest paths across cloud environments, network environments, and between – enabling security teams to prioritize based on unique business risk and address gaps to prevent future attacks.  

Darktrace / CLOUD dynamically adjusts its focus based on evolving risks, analyzing misconfigurations, and anomalous activity to prevent potential attacks. Its Entitlement Enumeration capability helps security teams gain visibility into all identities, roles, and permissions, allowing dynamic adjustments to stop insider threats and lateral movement.

In these ways, the AI-powered Darktrace / CLOUD can support security teams as they take on the lion’s share of responsibility in securing the cloud, regardless of any resource limitations or skills gaps.

Conclusion

Cloud security is both vital under the shared responsibility model and complex with hybrid and multi-cloud deployments and strict regulatory demands. While many teams contribute to cloud security, more and more responsibilities are shifting to security teams specifically.

AI-powered solutions that can detect and respond to threats spanning a wide range of risks and attack types can support security teams as they protect dynamic cloud environments. By adopting real-time cloud detection and response tools, security teams have more time to dedicate to proactive projects and high-level tasks as well as reduced burden on less specialized team members.  

Discover how advanced AI solutions like Darktrace / CLOUD can address evolving cloud security needs in the solution brief.  

Read more about the latest trends in cloud security in the blog “Protecting Your Hybrid Cloud: The Future of Cloud Security in 2025 and Beyond.”

References:

1. Gartner, November 19, 2024, “Cloud End-User Spending to Total $723 Billion in 2025”  

2. Gartner, October 10, 2019, “Is the Cloud Secure?”

3. Deloitte, December 6, 2022, “Above the clouds: Taming multicloud chaos”  

We are pleased to announce that Darktrace / OT has been named a Market Leader in Omdia’s  2025 Market Radar for OT Cybersecurity Platforms. We believe this highlights our unique capabilities in the OT security market and follows similar recognition from Gartner who recently named Darktrace / OT as the sole Visionary in in the Magic Quadrant for Cyber Physical Systems (CPS) Protection Platforms market.

Historically, IT and OT systems have been managed separately, creating challenges due to the differences of priorities between the two domains. While both value availability, IT emphasizes confidentiality and integrity whereas OT focuses on safety and reliability. Organizations are increasingly converging these systems to reap the benefits of automation, efficiency, and productivity (1).

Omdia’s research highlights that decision makers are increasingly prioritizing comprehensive security coverage, centralized management, and advanced cybersecurity capabilities when selecting OT security solutions (1).

Rising productivity demands have driven the convergence of OT, IT, and cloud-connected systems, expanding attack surfaces and exposing vulnerabilities. Darktrace / OT provides a comprehensive OT security solution, purpose-built for critical infrastructure, offering visibility across OT, IoT, and IT assets, bespoke risk management, and industry-leading threat detection and response powered by Self-Learning AI^TM.

An AI-first approach to OT security  

Many OT security vendors have integrated AI into their offerings, often leveraging machine learning for anomaly detection and threat response. However, only a few have a deep-rooted history in AI, with longstanding expertise shaping their approach beyond surface-level adoption.

The Omdia Market Radar recognizes that Darktrace has extensive background in the AI space:

“Darktrace has invested extensively in AI research to fuel its capabilities since 2013 with 200-plus patent applications, providing anomaly detection with a significant level of customization, helping with SOC productivity and efficiency, streamlining to show what matters for OT.” (1)

Unlike other security approaches that rely on existing threat data, Darktrace / OT achieves this through Self-Learning AI that understands normal business operations, detecting and containing known and unknown threats autonomously, thereby reducing Sec Ops workload and ensuring minimal downtime

This approach extends to incident investigations where an industry-first Cyber AI Analyst^TM automatically investigates all relevant threats across IT and OT, prioritizes critical incidents, and then summarizes findings in an easily understandable view—bringing production engineers and security analysts together to communicate and quickly take appropriate action.

Balancing autonomous response with human oversight

In OT environments where uptime is essential, autonomous response technology can be approached with apprehension. However, Darktrace offers customizable response actions that can be set to “human confirmation mode.”

Omdia recognizes that our approach provides customizable options for autonomous response:

“Darktrace’s autonomous response functionality enforces normal, expected behavior. This can be automated but does not need to be from the beginning, and it can be fine-tuned. Alternative step-by-step mitigations are clearly laid out step-by-step and updated based on organizational risk posture and current level of progress.” (1)

This approach allows security and production to keep humans-in-the-loop with pre-defined actions for potential attacks, enforcing normal to contain a threat, and allowing production to continue without disruption.  

Bespoke vulnerability and risk management

In the realm of OT security, asset management takes precedent as one of the key focus points for organizations. With a large quantity of assets to manage, practitioners are overwhelmed with information with no real way to prioritize or apply them to their unique environment.

Darktrace / OT is recognized by Omdia as having:

“Advanced risk management capabilities that showcase metrics on impact, exploit difficulty, and estimated cost of an attack […] Given the nascency of this capability (April 2024), it is remarkably granular in depth and insight.” (1)

Enabling this is Darktrace’s unique approach to AI extends to risk management capabilities for OT. Darktrace / OT understands customers’ unique risks by building a comprehensive and contextualized picture that goes beyond isolated CVE scoring. It combines attack path modeling with MITRE ATT&CK  techniques to provide hardening recommendations regardless of patching availability and gives you a clearer view of the potential impact of an attack from APT groups.

Modular, scalable security for industrial environments ‍

Organizations need flexibility when it comes to OT security, some want a fully integrated IT-OT security stack, while others prefer a segregated approach due to compliance or operational concerns. The Darktrace ActiveAI Security Platform offers integrated security across multiple domains, allowing flexibility and unification across IT and OT security. The platform combines telemetry from all areas of your digital estate to detect and respond to threats, including OT, network, cloud, email, and user identities.

Omdia recognizes Darktrace’s expansive coverage across multiple domains as a key reason why organizations should consider Darktrace / OT:

“Darktrace’s modular and platform, approach offer’s integrated security across multiple domains. It offers the option of Darktrace / OT as a separate platform product for those that want to segregate IT and OT cybersecurity or are not yet in a position to secure both domains in tandem. The deployment of Darktrace’s platform is flexible—with nine different deployment options, including physical on-premises, virtual, cloud, and hybrid.” (1)

With flexible deployment options, Darktrace offers security teams the ability to choose a model that works best for their organization, ensuring that security doesn’t have to be a “one-size-fits-all” approach.

Conclusion: Why Darktrace / OT stands out in Omdia’s evaluation

Omdia’s 2025 Market Radar for OT Cybersecurity Platforms provides a technical-first, vendor-agnostic evaluation, offering critical insights for organizations looking to strengthen their OT security posture. Darktrace’s recognition as a Market Leader reinforces its unique AI-driven approach, flexible deployment options, and advanced risk management capabilities as key differentiators in an evolving threat landscape.

By leveraging Self-Learning AI, autonomous response, and real-world risk analysis, Darktrace / OT enables organizations to detect, investigate, and mitigate threats before they escalate, without compromising operational uptime.

Read the full report here!

References

1. www.darktrace.com/resources/darktrace-named-a-market-leader-in-the-2025-omdia-market-radar-for-ot-cybersecurity-platforms