Introduction
Cloud usage among enterprises continues its upward trend, outpacing the fast-growth expectations of just a few years ago. In 2018, a well-researched forecast was that by 2021, 35% of all enterprise workloads would be in public cloud applications; today, it globally stands at 50%, with expectations of an additional 7 percentage point gain in the next year. Security concerns have been a major impetus for this growth, with increasing needs for organizations to adjust their security posture to both keep attackers out (cybersecurity) and to minimize the damage caused once they are in (cyber resilience).
Inside this growth, a security paradox has also been born: the security demands driving cloud adoption have, for many, also presented a barrier to adoption, as a recent global research report revealed. Fully 81% of IT executives and practitioners indicate security is a major challenge in cloud adoption. Cloud maturity didn’t lessen the severity of this challenge. For advanced users, managing cloud security remained a top challenge.
What has been missing in much of the research done to date is an understanding of the challenges medium and large enterprises encounter with cloud applications they build and deploy and their solutions to the security dilemma. This report provides an overview of key findings from a comprehensive study of the topic commissioned by Security Compass. While prior forecasts may have been off, this original research underscores one truism from experts who foresaw the future in this field: “Security isn’t icing on top of a cake. It needs to be baked in from the start.”
Current State
Developing software applications in the Cloud is a top priority in 2021 for most medium to large enterprises. While about half are still being built and deployed on-premise, fully 60% of these are expected to migrate to the cloud within the next two years both in the US and the UK.
Driving Cloud Adoption
Enabling a remote workforce is the largest driver of cloud adoption.
This finding is particularly true for large enterprises (>$5B in annual revenue). For mid-sized companies, in the $1B to <$5B annual revenue range, agility is the #1 driver of cloud adoption.
Overall, security teams’ #1 contribution is secure cloud configuration, but for large enterprises their most important contribution is providing guard rails and governance.
Challenges in Building and Deploying in the Cloud
The #1 challenge companies face when building and deploying to the cloud is simply meeting security requirements while integrating with on-premise technologies. This finding is even more pronounced among the largest (5000+ FTE developers) dev shops.
Processes and Automation
Risk assessments are most often done; threat modelling is least often done across all companies. For companies developing almost all their software apps in the Cloud, threat modelling drops to just 1/3. One finding is very clear: the more apps that are developed in the Cloud, the greater the need for proactive security and compliance processes.
Conclusion
What drove Cloud adoption in the early days of its growth was, number one, cost savings and, number two, optimum resource utilization. Much has changed, with our current findings pointing to a new first-place stand-out, enabling a remote workforce, and in second place, bringing technology to market faster.
That said, one of our key findings for medium and large enterprises building and deploying to the cloud bears repeating as it mirrors what others evidence in purchasing cloud applications: the #1 challenge is meeting security requirements. This finding is even more pronounced among the largest enterprises (5000+ FT developers). With 83% of IT execs and practitioners viewing Cloud adoption as the key priority for 2021, this challenge cannot be ignored.
As the security challenge has come more to light, so too has the solution. Security teams are needed for secure cloud service configuration and to provide security guard rails and governance. To do so effectively, there is unanimity in the need for automated solutions. Nowhere is this more evident than in the current gaps in proactive security and compliance processes, with less than 50% of companies carrying out comprehensive threat modeling and just-in-time security training during application development. The good news is, these gaps can be filled with tools and processes available for companies willing to invest in proactive security solutions.