Cisco, in partnership with TechTarget's Enterprise Strategy Group (ESG), conducted a survey titled “The State of Cloud Security Platforms and DevSecOps,” focusing on how organizations are managing security in cloud-native environments.
The results reveal important insights into the practices organizations should adopt to enhance their cloud security.
The survey focused on understanding the current cloud-native application development landscape and security practices among IT, cybersecurity, and application development professionals. It has collected feedback from more than 1,000 industry participants across various sectors, providing a comprehensive perspective on the challenges they face and the strategies they use to protect their cloud infrastructure and applications. The data highlights the critical need for organizations to adopt effective security measures in an increasingly complex cloud environment.
Key findings
Multi-cloud is the new normal: Most organizations now rely on multiple cloud service providers (CSPs) to support their operations, with many using more than three CSPs to meet their diverse business needs. This trend is expected to continue as more organizations turn to public, private, and hybrid clouds to meet their specific application needs, align with business preferences, and meet industry requirements. Misconfigurations pose significant risks: Misconfigurations remain a major challenge, with organizations facing increasing security incidents due to this issue. While 79% of organizations use DevOps practices, only 26% secure more than half of their cloud-native applications. This lack of early security integration has led to security vulnerabilities, application crashes, and unauthorized access. The importance of early security integration: The gap in implementation of security measures during the development process has led to an increase in security incidents, underscoring the need for a stronger focus on security from the beginning. Boost DevSecOps adoption: Nearly half of organizations plan to enhance their DevSecOps practices in the next two years, with the goal of addressing security vulnerabilities identified in their cloud applications. By integrating security tools, they can improve incident response and vulnerability management. Demand for effective remediation tools: Organizations have reported experiencing business-impacting consequences associated with attacks that occurred between the time of initial detection and the time of remediation. As a result, they are looking for advanced tools to speed up threat detection and response, reducing the impact of attacks on their operations. Investing in cloud security solutions: The survey indicates a strong consensus on the need to invest in cloud security and DevSecOps platforms over the next year, including solutions such as cloud workload protection and entitlements management.
With many companies relying on multiple cloud providers, vulnerabilities related to misconfigurations and inadequate security integration during development can lead to serious risks, including data breaches and operational disruptions. As organizations plan to invest in cloud security platforms and enhance their DevSecOps practices, these insights serve as a vital guide to improving security strategies and enhancing resilience in cloud infrastructure.
Image credit: Cisco
