Organizations that take a pragmatic approach to securing the use of user- and business-unit-led-cloud services realize appreciable business benefits compared with organizations that take more draconian, coarse-grained approaches. According to a report conducted by the Enterprise Strategy Group, only 21% of organizations have adopted this kind of pragmatic approach.
Organizations are at different stages of their journey with respect to the maturity of their approach to cloud security, both in terms of their strategic approach to the cloud as well as tactical measures.
The report establishes three fundamentally different stages of cloud security maturity, “discoverers” who primarily deploy cloud access security brokers (CASBs) to discover and assess shadow IT or user-led cloud services; “controllers” who apply cybersecurity policies, processes, and CASB technology to realize the fundamental cybersecurity outcomes of preventing data loss and the introduction of threats; and the most mature category known as “enablers,” who are well aware of the use of user-led applications, but take a fundamentally different approach by securely enabling the business value they deliver to the organization.
“The data in this report shows that many organizations, including ‘enablers,’ still have work to do to fully realize the advantages of the cloud,” said Sanjay Beri, CEO, Netskope. “To help the industry move closer to the final stage of maturity, we have developed a self-assessment tool for enterprises to gauge their process on the cloud security journey, and we look forward to working with enterprises around the world to accelerate their adoption of cloud services.”
According to the report, 48% of respondents were categorized as discoverers, 31% as controllers, and 21% as enablers. Other key findings include:
Cloud security maturity can affect financial performance: “Enablers” reported exceeding their revenue expectations by 4.9% on average. Alternatively, “controllers” and “discoverers” reported 3.6%, indicating that obstruction of the use of user-led cloud services can negatively affect financial performance.
Increased cloud security maturity leads to an increase in productivity: Nearly half of “enablers” reported user-led cloud services had a strong positive impact on productivity. Only 17% of “discoverers” and 23% of “controllers” reported the same.
Cloud Security Architect role can accelerate maturity: While nearly two-thirds of respondents reported their organization had a CISO, only 23% indicated their company had a cloud security architect. Architects are not only steeped in the technical differences of cloud services, but also have a deep appreciation for the business agility cloud services provide. “Enablers” are more than twice as likely as other organizations to employ these leaders.
“User- and business-unit-led cloud services have challenged the traditional role of enterprise IT and security teams, demanding that these teams now decide how, not if, they will secure their organization’s use of the cloud,” said Doug Cahill, senior analyst and group director, Enterprise Strategy Group. “This research highlights that organizations with the most mature approach to cloud services not only enjoy the most tangible business benefits, but also do so while mitigating their overall cloud security risk posture.”
Survey respondents were located in North America, Western Europe, and Asia Pacific. 88% of respondents worked at organizations with more than 1,000 employees, while 12% worked at organizations with 500-999 employees. Respondents worked for organizations in multiple industries, including manufacturing, financial services, healthcare, retail, and business services, among others.