If you’re reading this, you’re probably using multiple cloud service providers (CSPs). A 2025 Flexera report found that 86% of enterprises are running a multicloud strategy, with 70% of the respondents opting for a hybrid approach. Previous findings found that 82% of larger enterprises employ three or more clouds.
The availability and ease of deploying multiple cloud solutions enables companies to increase agility, scalability and resilience by using best-of-breed tools rather than putting all their IT eggs in one public cloud basket.
As multicloud environments become the de facto standard for enterprise IT, organizations face a critical security question: Is it feasible to rely on a single cloud service provider (CSP) for security across multiple clouds? While few security professionals would recommend this approach, it may become reality for many organizations as major cloud providers continue acquiring independent security vendors who once maintained cloud-neutral positions.
Conflicting Interests
To risk stating the obvious, CSPs are in the business of selling cloud services. Their acquisitions are ultimately geared toward creating a richer, more complete offering on their clouds. An acquired security product is likely to maintain its multicloud support in the short term. But over the long haul, the security product has little incentive for maintaining feature parity with other clouds.
Even with the best of intentions, there’s an inherent conflict of interest. CSP-owned security products will naturally prioritize their parent company's ecosystem — and often at the expense of cross-cloud capabilities. Once vendor-neutral, acquired tools gradually or overtly become optimized for their new parent's cloud platform. And beyond immediate functionality, acquisitions can hamper innovation as security products compete for resources within larger organizations whose primary focus isn't security.
Market consolidation creates challenges for security leaders, particularly CISOs, when their organization's cloud strategy doesn't align with their security vendor's new parent CSP. Organizations committed to multicloud architectures, or those primarily using competing CSPs, may find their security teams constrained in supporting business objectives. Even when security tools technically function across different clouds, vendor lock-in can manifest in subtle ways — such as unfavorable pricing leverage during contract negotiations
Cloud-Agnostic Security Benefits
The crux of our argument here is simple: The best way to ensure security across a sprawling enterprise multicloud estate is to adopt a cloud-agnostic approach. This means security tools that work across products from all CSPs and are committed to a long-term multicloud strategy.
When security is decoupled from other IT infrastructure, rest assured that vendor interests align with those of security leaders, rather than other priorities, and that capabilities and product roadmaps are prioritized by the value they provide to that core customer base.
In a multicloud world, a unified security solution working across clouds using a common threat model reduces complexity, streamlines compliance, and ensures that threats are identified and mitigated — whether in AWS, Azure, GCP or on-premises.
This is not to disparage cloud service providers and the often excellent security suites they provide. It wouldn’t be prudent, however, to assume that CSPs can offer the same security or support when you’re using a competitor’s cloud infrastructure. To reduce vendor risk when choosing strategic partners, you need to factor these considerations into your decision.
Staying Neutral in the Cloud Wars
With increasing consolidation and a potential move away from cloud-agnostic security products, enterprises need to find a way of securely supporting multicloud infrastructure. We are proud to offer Cortex Cloud as a unified security solution that delivers reliable multicloud security across all clouds.
By offering real-time protection across diverse cloud environments, Cortex Cloud enables organizations to maintain consistent security policies and visibility, regardless of the underlying cloud provider. Features such as AI-powered prioritization, automated remediation and a simplified user experience enable security teams to manage risks and efficiently respond to threats across multicloud infrastructures.
Adopting our cloud-agnostic security allows enterprises to avoid vendor lock-in and ensure robust protection across all cloud platforms. This makes Cortex Cloud a reliable choice for businesses that want to protect their cloud infrastructure, their customers and their bottom lines.
We believe that cloud security should maintain a healthy distance from the specific cloud infrastructure choices that customers make. As cloud wars continue to heat up, and with AI expediting digital transformation processes and forcing enterprises to grow their IT footprint, we’re fortunate to have but one side to choose — that of our customers.
See Cortex Cloud in action. Schedule a demo today.