Cisco, in partnership with TechTarget’s Enterprise Strategy Group (ESG), conducted a survey, “The State of Cloud Security Platforms and DevSecOps,” focusing on how organizations are managing security in cloud-native environments. The findings reveal important insights into the practices that organizations must adopt to enhance their cloud security.
The survey focused on understanding the current landscape of cloud-native application development and security practices among IT, cybersecurity, and application development professionals. It gathered feedback from over 1,000 industry respondents across various sectors, providing a well-rounded perspective on the challenges they face and the strategies they employ to protect their cloud infrastructure and applications. The data highlights the crucial need for organizations to adopt effective security measures in an increasingly complex cloud environment.
Key Findings
- Multicloud is the New Normal: Most organizations now rely on multiple cloud service providers (CSPs) to support their operations, with many using over three CSPs to meet diverse business needs. This trend is expected to persist as more organizations turn to public, private, and hybrid clouds to address their specific application needs, align with business preferences, and fulfill industry requirements.
- Misconfigurations Present Major Risks: Misconfigurations remain a significant challenge, with organizations experiencing increased security incidents due to this issue. While 79% of organizations are using DevOps practices, only 26% secure more than half of their cloud-native applications. This lack of early security integration has resulted in vulnerabilities, application downtime, and unauthorized access.
- Importance of Early Security Integration: The gap in implementing security measures during the development process has led to increased security incidents, underscoring the need for a stronger focus on security from the outset.
- Strengthening DevSecOps Adoption: Nearly half of organizations plan to enhance their DevSecOps practices in the next two years, aiming to address the security weaknesses identified in their cloud applications. By integrating security tools, they can improve incident response and vulnerability management.
- Demand for Efficient Remediation Tools: Organizations report experiencing business-impacting consequences tied to attacks that occurred between initial detection and remediation time. As a result, they are seeking advanced tools to accelerate threat detection and response, reducing the impact of attacks on their operations.
- Investing in Cloud Security Solutions: The survey indicates a strong consensus on the need for investment in cloud security platforms and DevSecOps within the next year, encompassing solutions like cloud workload protection and entitlement management.
With many businesses relying on multiple cloud service providers, vulnerabilities related to misconfigurations and insufficient security integration during development can lead to serious risks, including data breaches and operational disruptions. As organizations plan to invest in cloud security platforms and enhance their DevSecOps practices, these insights serve as a vital guide for improving security strategies and fostering resilience in cloud infrastructure.