# What’s new in cloud security

> Source: <https://www.infoworld.com/article/4193442/whats-new-in-cloud-security.html>
> Published: 2026-07-07 09:00:00+00:00

The cloud security landscape has changed dramatically in recent years, and 2026 presents a completely different scenario. The integration of advanced AI, [autonomous agent](https://www.infoworld.com/article/3611465/how-ai-agents-will-transform-the-future-of-work.html) systems, and the looming threat of quantum computing all require a new security approach, unlike the strategies that have worked for the past decade. While threats have obviously evolved, you might be surprised by how much defensive technologies and architectural strategies have advanced, too.

I have been tracking security across the cloud industry throughout 2026, and three trends have emerged as the most consequential developments that every technology leader needs to understand. These are not minor adjustments to existing security postures. They are fundamental shifts in how we protect cloud infrastructure, with implications that extend well beyond the security team into broader architectural issues.

The most notable trend is the rapid adoption of [zero-trust architecture](https://www.csoonline.com/article/564201/what-is-zero-trust-a-model-for-more-effective-security.html) among enterprises in cloud environments. Gartner predicts that by 2026, 10% of large companies will have a fully developed zero-trust program, compared with less than 1% today. This is not merely a forecast but reflects current industry shifts as organizations recognize that traditional perimeter-based security is ineffective in a landscape where workloads span multiple clouds, remote workers connect from home networks, and applications run in hybrid architectures.

Zero-trust is based on a fundamentally different approach compared to earlier security models. Instead of trusting internal network traffic by default, it treats every access request as potentially malicious, regardless of the source. This approach involves constant identity verification, strict adherence to least-privilege principles, and micro-segmentation of network resources to reduce the impact of potential breaches.

The shift from focusing solely on network security to emphasizing identity-based security is especially important in cloud settings. Solutions like Microsoft Entra ID and Okta have become the foundation for zero-trust architectures, supporting both [cloud-native](https://www.infoworld.com/article/2255318/what-is-cloud-native-the-modern-way-to-develop-software.html) and on-premises systems. According to the Cloud Security Alliance, many zero-trust efforts fail at the network level because organizations still depend on firewalls and VPNs that base trust on traffic origin rather than who is requesting access or what they are trying to reach. Successful zero-trust implementations have moved past this limitation by viewing identity as the actual perimeter.

For enterprise readers, the message is clear. If your organization has not yet launched a serious zero-trust initiative, you are falling behind. This is no longer a forward-thinking security enhancement. It is the baseline expectation for any organization running significant workloads in the cloud.

A second major trend in 2026 is the rising focus on quantum-safe encryption in cloud environments. [Quantum computing](https://www.infoworld.com/article/2260047/what-is-quantum-computing-solutions-to-impossible-problems.html) was long seen as a distant threat to be addressed “someday” as the technology matured. That complacency is no longer justified. IBM recently marked a decade of quantum cloud access, and quantum capabilities are advancing so fast that our current cryptographic security foundations are becoming vulnerable.

The concern is straightforward. Current encryption, especially public key cryptography, relies on hard mathematical problems that classical computers can’t solve easily. Quantum computers will eventually solve many of these problems, making current encryption standards obsolete. A major worry is the “harvest now, decrypt later” strategy, in which adversaries capture encrypted data now and plan to decrypt it later when quantum computers become available.

IBM Quantum Safe is one of the most comprehensive responses to this challenge in the cloud industry. The platform provides tools and services to help organizations migrate to post-quantum cryptographic standards, ensuring that sensitive data protected today will remain secure in a future where quantum attacks are possible. Microsoft has made similar advances in post-quantum cryptography, collaborating with global standards bodies to develop algorithms that can withstand both classical and quantum attacks.

If your organization handles long-lived sensitive data, operates in regulated industries, or maintains classified information, you need to be thinking about quantum-safe cryptography now. The migration to new cryptographic standards cannot be accomplished overnight, and organizations that wait until quantum computers pose an immediate threat will find themselves in a difficult position.

The third trend transforming cloud security in 2026 is AI’s dual role as both an attacker force multiplier and a vital component of defense. This complexity is one of the most challenging aspects for security leaders, as AI investments may both enhance and undermine security, depending on their implementation and governance.

The threat landscape has become more prominent over the past year. According to [CrowdStrike’s 2026 Global Threat Report](https://go.crowdstrike.com/2026-global-threat-report.html?utm_campaign=thih&utm_content=crwd-saia-amer-us-en-psp-x-wht-frntl-tct_x_x_x-x-x&utm_medium=sem&utm_source=goog&utm_term=global%20threat%20report%202026&utm_language=en-us&cq_cmp=1705069828&cq_plac=&gad_source=1&gad_campaignid=1705069828&gbraid=0AAAAAC-K3YSXKPYg-61_LSZ4H1RmUljxl&gclid=CjwKCAjwpK3SBhASEiwAtV1SPE7UvgI5bnpayE-VNwKAXa5rcBzHcO2RJRHuk-vulZNKOR3Y6oyM8xoC4vkQAvD_BwE#form), AI is facilitating more advanced attacks, with more than 90 organizations reporting breaches involving legitimate AI tools used as attack channels. Adversarial techniques such as data poisoning and model inversion pose practical risks that organizations need to consider when deploying AI systems in operational settings. Furthermore, the proliferation of deepfakes and AI-generated synthetic media complicates [identity verification](https://www.csoonline.com/article/518296/what-is-iam-identity-and-access-management-explained.html) and social engineering defense strategies.

However, the defensive side of the AI equation is equally powerful and rapidly maturing. AI-powered security tools enable early detection of anomalies, dramatically reduce incident response times, and eliminate the false-positive fatigue that has plagued security operations teams for years. SentinelOne and other endpoint security platforms have used AI to detect threats that would be invisible to traditional signature-based systems.

Perhaps most importantly, the rise of agentic AI systems in enterprises introduces a new security challenge: managing non-human identities. As autonomous AI agents run nonstop across cloud environments, each one becomes an identity requiring protection, oversight, and regulation. [The Cloud Security Alliance has identified non-human identity governance](https://labs.cloudsecurityalliance.org/research/csa-whitepaper-nonhuman-identity-agentic-ai-governance-v1-cs/) as the key security gap in the age of agentic AI, emphasizing the need for a complete framework to handle AI agent identities, just as organizations do with human user identities.

These three trends are interconnected, creating a more complex and significant security landscape than ever before. Zero-trust relies on identity verification, which AI systems must support. Quantum-safe cryptography must be implemented carefully to prevent vulnerabilities that AI-driven attacks could exploit. Additionally, as AI agents become an increasingly important part of your digital workforce, integrating non-human identity management into your overall security framework is essential.

To successfully manage this complexity, identify these trends early and begin adjusting your security architecture now. This requires investing in zero-trust foundations, moving toward quantum-safe encryption, and creating governance frameworks for AI systems that address both functionality and security needs. The cloud security landscape is evolving faster than most organizations realize. The question now is whether you are paying attention and, more importantly, whether your security architecture will be prepared for what is coming.
