The Key to Happiness at Work? Survey Says It’s DevSecOps
(SPONSORED) The globally condensed timeline for cloud adoption (due to COVID-19) provided something of a natural experiment that allowed us to compare different approaches to cloud security and see rapid results.
January 24, 2022
(SPONSORED ARTICLE) Unsurprisingly, the past two years have seen a rapid acceleration of cloud adoption across all countries and types of organizations. As we know, there are always degrees of risk when leveraging emerging technologies, especially in haste. When it comes to the cloud, success often means balancing the complexities of migration while maintaining operational integrity, not the least of which is limiting exposure to threats. What we've learned from reaching out to more than 3,000 professionals across security, development and IT is that success is more likely when an organization has a cohesive strategy for moving to the cloud. There needs to be a driving factor that shapes what adoption looks like. In other words, leaders need to think about why they are trying to secure the cloud -- do they need security to improve competitiveness, to better enable developers, or something else?
This highlights one of the lessons learned from our second-annual industry survey, the State of Cloud Native Security Report 2022 -- stronger security can help improve other business outcomes. Case in point, 80% of organizations with strong cloud security posture reported increased workforce productivity, and 85% of those with low “friction” between security and development/DevOps teams report the same.
The globally condensed timeline for cloud adoption (due to COVID-19) provided something of a natural experiment that allowed us to compare different approaches to cloud security and see rapid results. We were able to get unique insights into these challenges thanks to the speed at which organizations were forced to accelerate adoption strategies last year. Data from our cloud security survey shows businesses moved quickly to respond to increased cloud demands. Nearly 70% of organizations are now hosting more than half of their workloads in the cloud, and overall cloud adoption has grown by 25%.
Organizations that successfully navigated a significant growth in cloud workloads during the past year followed these practices:
Had clear strategic reasons for their growth -- an understandable organizational goal.
Focused on deploying comprehensive tooling from a few trusted providers, as opposed to point solutions from many providers.
Practiced disciplined, controlled spending, focusing on strategy rather than “throwing money at the problem.”
Integrated automation and DevSecOps principles across the cloud native application development lifecycle.
Additional findings shed light on the ways that budget and spending affect cloud security, the ways organizations balance security tools and solution providers, and the many additional factors that drove successful (and less successful) cloud adoption during the past year.
Cloud Expansion & Strategy
Organizations rapidly expanded their use of clouds during the pandemic by more than 25% overall, but struggled with comprehensive security, compliance, and technical complexity.
Security Posture & Friction
80% of organizations that primarily use open-source security tools have weak or very weak security posture, compared to 26% of those who primarily leverage their cloud services provider and 52% of those who depend on third parties, highlighting that piecing together a platform using disparate tools leaves an organization less secure.
Security Drivers
How well organizations adopted and implemented DevSecOps methodologies is the primary indicator of best-in-class security. Organizations that tightly integrate DevSecOps principles are over 7x more likely to have strong or very strong security posture and are 9x more likely to have low levels of security friction.
Respondents told us that the top three challenges in moving to the cloud were maintaining comprehensive security, managing technical complexity, and meeting compliance requirements, respectively. This aligns very closely with last year's results, showing that no matter the situation or reason an organization moves workloads to the cloud, security remains consistently challenging. The clear differentiator appeared in how organizations addressed cloud security.
Regardless of what stage you are at with your cloud journey, as the cloud’s unique capabilities continue to evolve, so have the ways in which we employ it to drive business forward. Check out our latest cloud security survey for yourself, or join us for a webinar for the latest research on cloud expansion and security during COVID-19.
Ankur Shah, Senior Vice President of Products, Prisma Cloud, Palo Alto Networks, has spent 16+ years bringing innovative security, collaboration, and virtualization technologies to market. He joined Palo Alto Networks through the acquisition of RedLock, where he ran product management for securing public clouds. In his current role, he is responsible for driving product strategy, roadmap, and execution for public cloud security.
You May Also Like