The 2021 State of Cloud Adoption

Introduction

Cloud usage among enterprises continues its upward trends, outpacing fast-growth expectations of only just a few years ago. In 2018, a well-researched forecast was that by 2021, 35% of all enterprise workloads would be in public cloud applications; today, it globally stands at 50%, with expectations of an additional 7 percentage point gain in the next year. Security concerns have been a major impetus for this growth, with increasing needs for organizations to adjust their security posture to both keep attackers out (cybersecurity) and to minimize the damage caused once they are in (cyber resilience).

Inside this growth, a security paradox has also been borne: security demands driving cloud adoption have for many also presented a barrier to adoption, as a recent global research report revealed. Fully, 81 % of IT executives and practitioners indicate security is a major challenge in cloud adoption. Cloud maturity didn’t lessen the severity of this challenge. For advanced users, managing cloud security remained a top challenge.

What has been missing in much of the research done to date is an understanding of the challenges medium and large enterprises encounter with cloud applications they build and deploy and their solutions to the security dilemma*.* This report provides an overview of key findings on a comprehensive study of the topic commissioned by Security Compass. While prior forecasts may have been off, this original research underscores one truism from experts who foresaw the future in this field: “Security isn’t icing on top of a cake. It needs to be baked in from the start.”

Current State

This image depicts three charts related to cloud adoption in 2021. The first chart shows the priority of cloud adoption, with 71% marking it as a top priority. The second chart compares the percentage of apps developed on-premise versus in the cloud, showing 52% of apps are developed in the cloud. The third chart shows that 60% of on-premise apps are expected to migrate to the cloud within two years.

Developing software applications in the Cloud is a top priority in 2021 for most medium to large enterprises. While about half are still being built and deployed on-premise, fully 60% of these are expected to migrate to the cloud within the next two years both in the US and the UK.

Driving Cloud Adoption

Enabling a remote workforce is the largest driver of cloud adoption.

A chart showing what drives cloud adoption in app development: Enabling a Remote Workforce (Top Rank 46%, 2nd Rank 24%, 3rd Rank 29%), Bringing Technology to Market Faster (Top Rank 35%, 2nd Rank 33%, 3rd Rank 32%), Increasing Agility (Top Rank 32%, 2nd Rank 37%, 3rd Rank 31%).

This finding is particularly true for large enterprises (>$5B) in annual revenue. For mid-sized companies, in the $1B to < $5B annual revenue range, agility is the #1driver of cloud adoption.

Overall, security teams’ #1 contribution is secure cloud configuration but for large enterprises, most importantly they provide guard rails and governance.

 

This image demonstrates the factors driving cloud adoption in app development, highlighting that enabling a remote workforce is the top driver at 46%, followed by bringing technology to market faster at 35%, and increasing agility at 32%.

Challenges in Building and Deploying in the Cloud

This chart shows the challenges faced in internal cloud adoption, with security requirements and integration with on-premises technology both at 54%, finding resources with necessary skills at 45%, alignment among business units and key stakeholders at 44%, and cost at 37%.

The #1 challenge companies face when building and deploying to the cloud is simply meeting security requirements while integrating with on-premise technologies. This finding is even more pronounced among the largest (5000+ FTE developers) dev shops.

Processes and Automation

Risk assessments are most often done; threat modelling is least often done across all companies. For companies developing almost all their software apps in the Cloud, threat modelling drops to just 1/3. One finding is very clear: the more apps that are developed in the Cloud, the greater the need for proactive security and compliance processes.

This image presents two charts. The left chart lists proactive security and compliance processes undertaken for apps developed in the cloud, with risk assessments at 72% and secure coding guidelines at 66%. The right chart shows interest in automation, with 70% strongly agreeing and 27% agreeing that they would be interested in a solution that automates proactive security and compliance processes.

Conclusion

What drove Cloud Adoption in the early days of its growth was number one, cost-savings, and number two, optimum resource utilization. Much has changed, with our current findings pointing to a new first place stand-out, enabling a remote workforce and secondly, bringing technology to market faster.

That said, one of our key findings for medium and large enterprises building and deploying to the cloud bears repeating as it mirrors what others evidence in purchasing cloud applications: the #1 challenge is meeting security requirements. This finding is even more pronounced among the largest enterprises (5000+ FT developers) . With 83% of IT execs and practitioners viewing Cloud adoption as the key priority for 2021, this challenge can not be ignored.

As the security challenge has come more to light, so too has the solution. Security teams are needed for secure cloud service configuration and to provide security guard rails and governance. To do so effectively, there is unanimity in the need for automated solutions. Nowhere is this more evident than in the current gaps in proactive security and compliance processes, with less than 50% of companies carrying out comprehensive threat modeling and just-in-time security training during application development. The good news is, these gaps can be filled with tools and processes available for companies willing to invest in proactive security solutions.