Our POV: State of Cloud Native Security Report 2022
What Is This Report?
The second annual State of Cloud Native Security report examines the changing nature of cloud deployments and the reality of how organizations are securing the cloud today. The report was informed by a survey of 3,000 cloud architecture, InfoSec, and DevOps professionals across five countries (USA, UK, Germany, Japan and Brazil). The study included both C-level executives as well as practitioners.
Why Is It Important Now?
Cloud adoption has accelerated during the pandemic by 25% overall, which makes security even more critical. In fact, the survey reported an average of 59% of all workloads were running in the cloud in 2021, up from 46% in 2020. With growing cloud usage, there is a need for enterprises to have a cloud native security strategy in place, rather than just taking an ad hoc unstructured approach that is likely complex, less than optimal and actually adds friction to the security process.
It’s clear that running a cloud security program is different from those involved in an on-premises program. It’s not just the tools but also the mindset that needs to be different. Cloud security compared to on-premises security is much more fluid and changing
Cloud native security is not about a security check done as a discrete event that happened at a specific point in the software development process. As cloud adoption continues to grow, it’s critical that organizations realize that cloud native security is a living, breathing process. Organizations and their leaders must take steps now to help ensure improved cloud security posture now and for years to come.
Enterprises need an easier, frictionless path to cloud security.
Key Report Takeaways
- Among the key takeaways from the report is the rapid rise in serverless and PaaS (platform-as-aservice) adoption. In 2021, 42% of organizations reported they were using serverless and PaaS, up from only 22% in 2020.
- Also of note is the fact that organizations are doing more in the cloud with less budget. 39% of organizations are spending less than $10 million on a cloud, a 16% gain over 2020.
- 55% of organizations admit to having a weak security posture and want to improve. Areas of improvement include gaining multicloud visibility, consistent governance across cloud accounts and overall streamlining of cloud operations to help expedite incident response and investigation.
- Organizations are using multiple cloud security tools, which adds complexity and weakens overall security posture. The report found that 80% of businesses that mostly use open source security tools have a weaker security posture than those that primarily use a third party or a cloud services provider.
Our Advice for Leaders: Take Steps to Secure Your Cloud Transformation More Seamlessly
Most organizations see that cloud and growth are more or less synonymous in the future. If you can’t secure where you’re going to be growing into, then you’re just introducing a whole lot of unnecessary risk for the organization. Here is some foundational advice on how to help make this cloud shift more seamless.
Minimize the Number of Tools
Our research shows that the organizations that tend to be the most successful with cloud security are those that have a strategy and well-defined reasons for going into the cloud. As part of the strategy, it’s critical to optimize the number of security tools and vendors. With fewer tools, it’s easier for organizations to learn and manage cloud security. Having tools that work with each other and provide a coordinated capability to understand cloud security should be a primary goal to improve cloud securit.
Focus on Automation
A key to success for cloud native security is to focus on automation. Sudden increases in cloud workloads always result in an overwhelming number of new security incidents. As workloads grow, manual configurations are often wrong and have little chance of ever keeping up. With the rapid growth and scale of cloud workloads, it’s important to have automation that can help identify issues and prioritize alerts so that security teams do not get overwhelmed.
Reduce Security Friction
A potential barrier to an optimized cloud security posture is organizational friction, often between development and security teams. Friction can cause bottlenecks for deployment and a lack of visibility for security and operations teams. The report found that unsuccessful organizations had higher friction, while successful organizations had lower friction. The most successful organizations are able to find ways to integrate cloud security in a way that doesn’t introduce friction or additional burdens to operations and development.
Shift Left and Take a DevSecOps Approach
Among the ways to help reduce security friction, as well as improve overall cloud native security, is to take a shift-left approach.
In the shift-left approach, security is integrated earlier in the process, enabling what is often referred to as DevSecOps. With a shift-left approach, an organization is able to integrate more security touchpoints into the application development lifecycle. Those touchpoints are also introduced in a way that creates less burden for development teams. As such, security checks are added as early as possible into the code development and continue through the deployment and then into runtime, creating a constant feedback loop. The report shows that organizations that can adopt DevSecOps methodologies are more likely to be successful in their cloud adoption efforts than those that do not.
What the State of Cloud Native Security 2022 report clearly shows is that there are gaps in many organizations’ strategies, or lack thereof, for cloud security. Organizations raced to the cloud during the pandemic to help solve scalability and remote work issues, often without a security plan. Simply moving to the cloud doesn’t make an organization secure. There is a need to understand and embrace best practices for cloud native security to be successful.