Cloud Security Report
Companies have increased cloud usage by more than 25 percent during the pandemic
Palo Alto Networks surveyed companies around the world about their cloud usage and the associated consequences / measures in terms of cyber security. The results of the “2022 State of Cloud Native Security Report” are published today.
As the unique capabilities of the cloud evolve, so do the methods companies use to drive their business. Therefore, this study contains research results that are particularly concerned with the latest concerns and topics of the Cloud Native Security community, including automation, DevSecOps, security status, the use of open source and much more. The goal of producing this report remains the same every year: companies should gain insights that will help them implement the cloud and security in 2022 and beyond.
Cloud expansion and strategy
Companies have rapidly expanded their use of clouds by more than 25 percent overall during the pandemic, but have struggled with comprehensive security, compliance and technical complexity.
Expansion with less budget: 39 percent of companies spent less than $10 million on their cloud (16 percent more than in 2020) and only 26 percent spent more than $ 50 million (17 percent less than in 2020).
While companies continue to use various compute options, platform-as-a-service (PaaS) and serverless approaches increased by 20 percent, which probably supports the rapid transition to the cloud, while the use of containers and container-as-a-service (CaaS) recorded more moderate growth.
Security status and challenges
Companies with a strong security status are more than twice as likely to have only a low level of security problems. The participants were asked to what extent they believe that cloud security supports or restricts their operations. This highlights the need for a two-pronged approach to cloud security with effective security features that do not interfere with teams outside the security sphere.
Companies with first-class safety precautions see the greatest benefits for their employees in terms of productivity and satisfaction. 80 Percent of companies with a high security standard and 85 percent of companies with low security difficulties reported a higher productivity of their employees.
The majority of companies (55 percent) reported a weak security position and believe that they need to improve the underlying activities, such as achieving multi-cloud transparency, applying more consistent governance across all accounts, or streamlining incident response and incident investigation to achieve a stronger position.
80 Percent of companies that primarily use open source security tools have a weak or very weak security position, compared to 26 percent of those who primarily use their cloud service provider and 52 percent of those who are dependent on third-party providers. This makes it clear that putting together a platform with different tools affects the security of an enterprise.
Companies are consolidating their approach to security. Nearly three-quarters of companies use ten or fewer security tools. The number of companies using only one to five security providers has increased by 27 percent compared to the data for 2020, which suggests that they are turning to fewer security providers for more features.
Companies that have implemented a high level of security automation are twice as likely to have low friction losses and to occupy a strong position than companies with a low level of security automation.
How well companies have adopted and implemented DevSecOps methods is the most important indicator of first-class security. Companies that closely integrate DevSecOps principles are more than 7 times more likely to have a strong or very strong security position. The probability that you have minor security problems is 9 times as high.