Is security the reason for growth in cloud applications or the barrier to its adoption? Both may be true.
Cloud usage among enterprises continues its upward trends, outpacing fast-growth expectations of only just a few years ago. In 2018, a well-researched forecast was that by 2021, 35% of all enterprise workloads would be in public cloud applications; today, it globally stands at 50%, with expectations of an additional 7% point gain in the next year. Security concerns have been a major impetus of this growth, with an increasing need for organizations to adjust their security posture to both keep attackers out (cybersecurity) and to minimize the damage caused once they are in (cyber resilience).
According to The 2021 State of Cloud Adoption, 52% of the software applications being developed in mid-sized to large enterprises are cloud-based, and another 30% are expected to migrate to the cloud within the next two years. However, ensuring a secure cloud infrastructure requires a substantial investment in skills dedicated to designing processes that take both risks and business needs into account. Organizations are struggling to develop cloud applications that meet security requirements and that integrate with existing on-premise technologies.
Across enterprises and mid-market organizations in a wide range of industries—including finance, insurance, manufacturing, retail as well as government—there is an urgent need for automated security solutions that enable software development to keep pace with business demands.
Inside this growth in cloud-based applications, a security paradox presents a barrier to adoption. Fully, 83 % of IT executives and practitioners indicate security is a major challenge in cloud adoption. Cloud maturity does not lessen the severity of this challenge. For advanced users, managing cloud technology remains a top challenge.
What has been missing in much of the research done to date, is an understanding of the challenges medium and large enterprises encounter with applications they build and deploy. While prior forecasts may have been off, this original research underscores one truism from experts who foresaw the future in this field: "Security isn’t icing on top of a cake. It needs to be baked in from the start."
What drove cloud migration in the early days of its growth was number one, cost-savings, and number two, optimum resource utilization. Much has changed, with current research pointing to a new first place stand-out, enabling a remote workforce and secondly, bringing technology to market faster. Increasing agility was another top reason for could adoption. Cloud cost on the other hand was ranked a distant fourth.
As the security challenge has come more to light, so too has the solution. “Businesses migrating to the cloud is not a new phenomenon, but the frequency with which these migrations are occurring has skyrocketed since the start of the COVID-19 pandemic. Organizations are facing more pressure to effectively develop their software in the cloud in a way that allows them to keep pace with competitors,” according to Rohit Sethi, CEO, Security Compass. “As cloud adoption continues to rise every year, it is essential that companies embrace proactive, automated security solutions in the applications that they build.”
Security teams are essential for secure cloud service configuration and to provide security guard rails and governance. To do so effectively, there is unanimity among experts involved in the need for automated solutions. Nowhere is this more evident than in the current gaps in proactive security and compliance processes, with less than 50% of companies carrying out comprehensive threat modeling and just-in-time security training during application development. The good news is that these gaps can be filled with tools and processes available for companies willing to invest in proactive security solutions.