The first annual State of Cloud Native Security report is here ! Find out what's happening in cloud native security today and what’s working best for organizations. Based on a survey of 3,000 cloud architecture, InfoSec and DevOps professionals across five countries, the report will help you make decisions about the cloud by surfacing information based on a proprietary set of well-analyzed data.
Cloud Native Security Today
The State of the Cloud and Cloud Native Adoption
Organizations have moved to cloud over the past couple of decades to meet their need for faster, more flexible computing at a reasonable cost. For these same reasons, cloud adoption is accelerating – and so are the challenges that organizations face when moving workloads to the cloud and expanding their cloud estates.
As you peruse the first section of the report, you’ll see characteristics of respondents’ companies, such as revenue and degree of cloud adoption, against the choices these companies make for their cloud operations.
Cloud adoption is high and growing
Cloud adoption is already high, and it’s going to keep on growing. Discover how different industries, company sizes and geography handles this adoption.
Multicloud is the norm:
Overwhelmingly, our survey respondents manage multiple cloud environments. Discover platform use by company size and industry.
Public cloud vs. private cloud: It’s a wash
Our survey shows that organizations balance their use of public and private cloud services, with no real bias toward either option. Most respondents report that cloud workloads are hosted in a mix of public and private environments. Discover public and private cloud usage by annual revenue, cloud adoption, industry and geography!
Companies use a blend of compute technologies
As companies seek to host more of their workloads in the cloud and begin developing applications specifically to run in the cloud – that is, cloud native applications – they also adopt cloud native technologies. These technologies include abstracted models that are independent of computing hardware, often referred to as computes. We asked our survey takers about the compute technologies their organizations use.
VMs, including hosts and IaaS
CaaS and managed container services such as Kubernetes
PaaS or serverless, and technologies such as FarGate, Cloud Run or Pivotal Cloud Foundry
Discover how companies use a blend of compute technologies
How much companies invest in cloud:
Discover how much companies invest in cloud. Perhaps the most interesting finding around cloud spending is that more investment does not necessarily correspond to using more cloud platforms.
Challenges to cloud adoption:
Our survey respondents say the top challenges are the following:
Maintaining comprehensive security
Challenges in Moving to the Cloud
The State of Securing the Cloud and Cloud Native Workloads: Discover what's keeping cloud security folks awake at night.
Cloud security is an ever-moving goalpost: Four out of five of our survey respondents told us their company’s infrastructure is constantly evolving and three quarters of our survey respondents said that cloud security tools and solutions are outpaced by threats to their cloud systems
The threats and challenges to cloud security: Discover the top threats, top challenges and top priorities to cloud security.
Investing in cloud security: Discover how much companies invest in cloud security.
With multiple threats and challenges to the security of their cloud-hosted applications and data, we asked how much companies are investing in cloud security. How are companies employing their cloud budgets to deal with the wide range of threats and address their security priorities ? They’re buying tools, signing up for services and hiring people.
Security team structure:Discoverhow companies vary in how they approach cloud security team structure.
Security tools and vendors: More does not always equal better
At a certain point, there are just too many tools and vendors. Training employees on security tools is one of the top challenges to providing comprehensive cloud security. In fact, as companies achieve a higher level of security preparedness (discussed in the report), the top challenge to cloud security becomes training employees on tools, so rationalizing the use of fewer tools makes sense. As teams gain more experience, they can identify overlaps between tools and vendor offerings and judge which ones best answer their particular needs.
Measuring Security Preparedness:
We asked respondents to rate their organization’s overall security posture for cloud workloads. Eighty-four percent said their organization’s cloud security posture was “strong” or “very strong.” Given how many concerns respondents shared, this seemed odd and contradictory. Discover how we dug into our survey results to see if we could uncover a more nuanced picture of people’s feelings and perceptions around cloud security
We identified three levels of security preparedness among the surveyed organizations: low, medium and high. Just 18% of companies are highly prepared to keep their cloud estates secure.
Discover common practices to organizations with high preparedness levels:
Companies at the highest level of cloud security preparedness are embedding security into their DevOps process and integrating security into the software development lifecycle.
As companies increase their level of security preparedness, training employees on security emerges as the biggest challenge.
As companies improve security preparedness and expand security practices, they recognize that using many security tools can actually hinder cloud security.
As companies increase their security actions and preparedness, they reduce the number of security tools they’re using and say that a single, comprehensive cloud native security solution would improve their security.