(Supported Article) Unsurprisingly, the past two years have seen a rapid acceleration of cloud adoption across all countries and types of organizations. As we know, there are always degrees of risk when taking advantage of emerging technologies, especially in a hurry. When it comes to the cloud, success often means balancing the complexities of a migration while maintaining operational integrity, not the least of which is reducing exposure to threats. What we’ve learned from access to over 3,000 security, development and IT professionals is that success increases when an organization has a coherent strategy for moving to the cloud. There has to be a driving factor that shapes what adoption looks like. In other words, leaders need to think about why they are trying to secure the cloud – do they need security to improve competitiveness, or to better empower developers, or something else?
This highlights one of the lessons learned from our second annual industry survey, which is Cloud Native Security Status Report 2022 Stronger security can help improve other business outcomes. Case in point, 80% of organizations with a strong security posture on the cloud report increased workforce productivity, and 85% of organizations with low “friction” between security and development/DevOps teams report this.
The extensive global timeline of cloud adoption (due to COVID-19) provided something of a natural experiment that allowed us to compare different approaches to cloud security and see quick results. We were able to gain unique insights into these challenges thanks to the speed with which organizations were forced to accelerate adoption strategies last year. Data from the Cloud Security Survey shows that companies are moving quickly to respond to the increasing demands of the cloud. Nearly 70% of organizations now host more than half of their workloads in the cloud, and cloud adoption overall has increased by 25%.
Organizations that have seen significant growth in cloud workloads over the past year have followed these practices:
- It had clear strategic reasons for its growth – an understandable organizational goal.
- Focus on deploying comprehensive tools from a few trusted providers, as opposed to point solutions from many providers.
- Practice disciplined and disciplined spending, and focus on strategy rather than “throwing money at the problem.”
- Integrated automation and DevSecOps principles across the cloud-native application development lifecycle.
Additional findings highlight the ways budget and spending affect cloud security, the ways organizations balance security tools and solution providers, and the many additional factors that have led to successful (and less successful) cloud adoption over the past year.
Cloud expansion and strategy
- Organizations have rapidly expanded their use of clouds during the pandemic by more than 25% overall, but have struggled with overall security, compliance, and technical complexity.
Security situation and friction
- 80% of organizations that primarily use open source security tools have a poor or very weak security situation, compared to 26% of those who primarily make use of a cloud service provider and 52% of those who rely on third parties, highlighting that Bring the platform together Using disparate tools makes your organization less secure.
- The extent to which organizations successfully adopt and implement DevSecOps methodologies is the key indicator of best-in-class security. Organizations that tightly integrate DevSecOps principles are more than 7 times more likely to have a strong or very strong security posture, and are 9 times more likely to have low levels of security friction.
Respondents told us that the top three challenges in moving to the cloud were maintaining end-to-end security, managing technical complexity, and meeting compliance requirements, respectively. This closely corresponds to Last year’s results, which shows that no matter what situation or reason an organization moves workloads to the cloud, security remains an ongoing challenge. The difference emerged in how organizations approach cloud security.
No matter what stage you are at in your cloud journey, the unique capabilities of the cloud continue to evolve, so use the ways we use them to drive business forward. Verify Latest cloud security scan for yourself, or join us to get webinar For the latest research on expanding the cloud and security during COVID-19.
Ankur Shah, Senior Vice President of Products, Prisma Cloud, Palo Alto Networks, has spent more than 16 years bringing innovative security, collaboration, and virtualization technologies to market. He joined Palo Alto Networks with the acquisition of RedLock, where he managed the product management for securing public clouds. In his current role, he is responsible for leading the product strategy, roadmap and implementation for public cloud security.