Jason Mashak, 10 November 2025

Why DNS Security Belongs at the Core of Your Hybrid Cloud Strategy

Summary: Why DNS Security Matters for Hybrid Cloud

Hybrid clouds are here to stay, but so are their blind spots. Breach costs, tool gaps, and AI risks demand DNS security as a cornerstone of enterprise resilience.

Hybrid cloud and AI adoption – as well as increasingly sophisticated threats against both – are forcing organizations to rethink where and how they protect themselves. As we look back at 2025, certain trends and operational realities stand out, making the case that DNS-level security is a foundational necessity.

Here are key insights, with fresh data, and what they imply for a modern DNS security offering like Whalebone Immunity.

Continued Growth of Hybrid-Cloud/Multi-Cloud Environments – Along with Gaps in Visibility

According to a survey of over 1,000 IT decision-makers by Ekco, the share of organizations using a hybrid cloud model has grown from 58% in 2022 to 68% in 2025 (Petri).

At the same time, a Bitdefender survey found that, among enterprises operating in hybrid environments, 63% report a lack of visibility and 61% report difficulty managing security policies consistently (Bitdefender).

What this means for you:

  • With more infrastructure split across on-prem, public cloud, or multiple clouds, attack surfaces are expanding.
  • Inadequate visibility and policy inconsistency increase risk – misconfigurations and unclear traffic flows all become leverage points for attackers.
  • DNS is one of the few places where you see all outbound traffic, internal resolutions, and name lookups – giving you a vantage point that many orgs currently lack.

Cost of Breaches Remains High, Despite Minor Positive Shifts

IBM’s Cost of a Data Breach Report 2025 shows that the global average cost of a data breach is USD 4.44 million – a 9% decrease from 2024 (IBM). However, in the U.S., the average per-incident cost has risen to USD 10.22 million (Baker Donelson).

Breaches involving data spread across multiple environments cost more, and take longer to detect and mitigate (Bluefin).

It is important to note that organizations that heavily leverage AI/automation in their security posture saved around USD 1.9 million on average per breach, compared to those that do not (IBM).

What to draw from this:

  • Even if DNS is not always the entry point, many breaches begin with or include DNS-related weaknesses (malicious domain resolution, phishing, misrouted traffic).
  • Faster detection and containment are crucial – and DNS can often help with those (visibility, early warning, blocking).
  • Investments in automation, threat intelligence, and policy enforcement pay off materially.

 

Limited Tool Efficacy & Compromise Under Pressure

From a survey by Gigamon, 91% of organizations admit to making compromises due to limited visibility, poor tool integration, or lack of high-quality data – especially as AI/ML workloads and hybrid environments proliferate. Also, 55% of orgs surveyed lack confidence in their current tools’ abilities to detect breaches – citing visibility gaps as a core issue (Gigamon).

What this suggests:

  • Traditional perimeter-focused security or siloed tooling is no longer enough.
  • Organizations are being forced to accept risk, rather than proactively reduce it – often because they simply cannot see what is happening in their networks.
  • DNS security can serve as a no-installation integration point, as it intersects with many other layers (endpoint, network, threat intelligence) while providing continuous, no-disruption visibility.


 

Implications for DNS-Layer Security & Whalebone Immunity

Across industries, a clear pattern is emerging: visibility, cost, and control gaps are undermining enterprise resilience, and DNS security has become one of the most effective ways to address all three at once.

Recent data underscores that visibility across hybrid environments remains elusive. Among enterprises operating in hybrid-cloud configurations, around 63 percent report poor visibility into network traffic, while many admit they’ve had to compromise on visibility or tool integration simply to keep operations running (Bitdefender; Gigamon).

This blind spot is precisely where DNS-layer protection offers unique value. Because every lookup – internal or external – flows through the DNS, it serves as a natural chokepoint for monitoring and control. Whalebone Immunity leverages this vantage point to give organizations comprehensive visibility across their digital ecosystems, flagging suspicious resolutions, tunneling behaviors, or emerging command-and-control (C&C or C2) activity long before they manifest as full-blown breaches.
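The kind of resolver-side check described above, as an added example that is not Whalebone's code or detection logic: it groups queries by client and base domain and flags groups with many unique, long, high-entropy subdomains, a common tunneling indicator. The log format, sample lines, domain names and thresholds are all constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log, one query per line: "<client_ip> <qname> <qtype>".
SAMPLE_LOG = """\
10.0.1.15 www.example.com A
10.0.1.15 mail.example.com MX
10.0.1.15 img1.cdn-demo.test A
10.0.1.15 img2.cdn-demo.test A
10.0.1.15 img3.cdn-demo.test A
10.0.1.15 img4.cdn-demo.test A
10.0.2.40 api.internal.example.net A
10.0.3.77 mfrggzdfmztwq2lknnwg23tp.tunnel-demo.test TXT
10.0.3.77 obyxe43uov3ho6dzpjqwey3e.tunnel-demo.test TXT
10.0.3.77 mzxw6ytboi2gk3tdn5sgkzdo.tunnel-demo.test TXT
10.0.3.77 nbswy3dpeb3w64tmmqqho2lu.tunnel-demo.test TXT
"""

def shannon_entropy(text):
    """Bits per character; random-looking encoded labels score high."""
    counts, n = Counter(text), len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def split_name(qname):
    """Naive split into (subdomain, base domain) using the last two labels.
    Assumption: production code should use the Public Suffix List instead."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def find_tunnel_suspects(log_text, min_unique=4, min_len=20, min_entropy=3.5):
    """Return (client, base_domain, unique_subdomains) for tunneling-like groups."""
    groups = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        client, qname, _qtype = parts
        sub, base = split_name(qname)
        if sub:
            groups[(client, base)].add(sub)
    suspects = []
    for (client, base), subs in sorted(groups.items()):
        mean_len = sum(map(len, subs)) / len(subs)
        mean_ent = sum(map(shannon_entropy, subs)) / len(subs)
        # Many unique names alone is normal (CDNs); require long, high-entropy labels too.
        if len(subs) >= min_unique and mean_len >= min_len and mean_ent >= min_entropy:
            suspects.append((client, base, len(subs)))
    return suspects

if __name__ == "__main__":
    print(find_tunnel_suspects(SAMPLE_LOG))
```

The CDN-style group in the sample has as many unique names as the flagged one but is not reported, which is why the count is combined with label length and entropy.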

Those breaches, when they do occur, remain staggeringly expensive. IBM’s Cost of a Data Breach Report 2025 pegs the global average loss at about USD 4.44 million, climbing to USD 10.22 million in the US – with higher costs tied to fragmented environments and slow detection (Baker Donelson; Bluefin). Preventing DNS-borne incidents such as phishing campaigns, domain hijacks, or malicious redirections can dramatically reduce both the probability and the financial impact of those events.

Compounding the challenge, many teams admit to “tool fatigue” and operational compromise under pressure. A large share of security leaders say their tools underdeliver, forcing trade-offs between data quality, policy consistency, and speed (Gigamon). DNS-based protection simplifies this equation. By centralizing policy enforcement and embedding threat intelligence at the resolution layer, it lightens workloads, closes visibility gaps, and provides actionable context that integrates smoothly with existing systems.

And as AI reshapes the security landscape, automation and governance are becoming inseparable. IBM’s 2025 findings show that organizations using AI-driven security automation save roughly USD 1.9 million per breach on average compared to those that do not (IBM). Yet many still struggle with oversight and the emergence of “shadow AI.” Here again, DNS offers leverage: machine-learning models can detect abnormal domain behavior in near-real time, while robust DNS-level policy control ensures those AI insights translate into enforceable governance. Whalebone Immunity brings both together – automation that strengthens control rather than weakening it.

 

Where to Go from Here: Reach Out to Us

If you are responsible for the resilience and security of critical IT infrastructure, the reality for 2026 is this: threats are evolving, environments are more complex, and tooling lags in many areas. DNS security is critical for secure operations in hybrid and cloud-native environments.

Whalebone Immunity is designed to deliver that visibility, control, and early warning at the DNS level – not as an afterthought, but as a front-line layer. If you build your security strategy with that mindset, you’re significantly more resilient against the kinds of breaches that continue to impose multi-million-dollar damage on organizations every year.

If you’re ready to enhance your organization’s DNS security, Whalebone is here to help. Reach out to our team to learn how our proven solutions can close security gaps in your network, to safeguard your data and customers – with a simple and unobtrusive approach.




Image quote source: GigaOm Radar for Domain Name System (DNS) Security

 
