Cisco in partnership with TechTarget’s Enterprise Strategy Group (ESG) conducted a survey, “The State of Cloud Security Platforms and DevSecOps,” focusing on how organisations are managing security in cloud-native environments.
The findings reveal important insights into the practices that organisations must adopt to enhance their cloud security.
The survey focused on understanding the current landscape of cloud-native application development and security practices among IT, cybersecurity, and application development professionals. It gathered feedback from over 1,000 industry respondents across various sectors, providing a well-rounded perspective on the challenges they face and the strategies they employ to protect their cloud infrastructure and applications. The data highlights the crucial need for organisations to adopt effective security measures in an increasingly complex cloud environment.
Key Findings
- Multicloud is the New Normal: Most organisations now rely on multiple cloud service providers (CSPs) to support their operations, with many using over three CSPs to meet diverse business needs. This trend is expected to persist as more organisations turn to public, private, and hybrid clouds to address their specific application needs, align with business preferences, and fulfil industry requirements.
- Misconfigurations Present Major Risks: Misconfigurations remain a significant challenge, with organisations experiencing increased security incidents due to this issue. While 79% of organisations are using DevOps practices, only 26% secure more than half of their cloud-native applications. This lack of early security integration has resulted in vulnerabilities, application downtime, and unauthorized access.
- Importance of Early Security Integration: The gap in implementing security measures during the development process has led to increased security incidents, underscoring the need for a stronger focus on security from the outset.
- Strengthening DevSecOps Adoption: Nearly half of organisations plan to enhance their DevSecOps practices in the next two years, aiming to address the security weaknesses identified in their cloud applications. By integrating security tools, they can improve incident response and vulnerability management.
- Demand for Efficient Remediation Tools: Organisations report experiencing business-impacting consequences tied to attacks that occurred between initial detection and remediation time. As a result, they are seeking advanced tools to accelerate threat detection and response, reducing the impact of attacks on their operations.
- Investing in Cloud Security Solutions: The survey indicates a strong consensus on the need for investment in cloud security platforms and DevSecOps within the next year, encompassing solutions like cloud workload protection and entitlement management.
With many businesses relying on multiple cloud service providers, vulnerabilities related to misconfigurations and insufficient security integration during development can lead to serious risks, including data breaches and operational disruptions. As organisations plan to invest in cloud security platforms and enhance their DevSecOps practices, these insights serve as a vital guide for improving security strategies and fostering resilience in cloud infrastructure.
Image Credit: Cisco
