Enterprises regard the cloud as critical for innovation, but struggle with security

Most enterprises (85%) believe embracing the public cloud is critical to fuel innovation, but the majority are not equipped to operate in the cloud securely, according to a DivvyCloud survey of nearly 2,000 IT professionals.

In fact, of those surveyed whose organization has already adopted public cloud, only 40% have in place an approach to managing cloud and container security.

Avoiding security issues in the cloud

Only a little over half (58%) said their organization has clear guidelines and policies in place for developers building applications and operating in the public cloud. And of those, 25% said these policies are not enforced, while 17% confirmed their organization lacks clear guidelines entirely.

“Enterprises believe they must choose between innovation and security—a false choice we see manifested in the results of this report, as well as in conversations with our customers and prospects,” said Brian Johnson, CEO at DivvyCloud.

“Only 35% of respondents do not believe security impedes developers’ self-service access to best-in-class cloud services to drive innovation—meaning 65% believe they must choose between giving developers self-service access to tools that fuel innovation and remaining secure.

“The truth is, security issues in the cloud can be avoided. By employing the necessary people, processes, and systems at the same time as cloud adoption (not weeks, months, or years later), enterprises can reap the benefits of the cloud while ensuring continuous security and compliance.”

Additional key findings

Automation is coveted but not leveraged in cloud security: Nearly 70% of all respondents believe that automation can provide benefits to their organization’s cloud security strategy, but only 48% say their cloud security strategy currently incorporates products that leverage automation.

The vast majority of respondents (85%) trust automated security solutions more than or the same as human security professionals.

Developers and security are misaligned: Almost half (49%) of all respondents whose organizations use public cloud said their developers and engineers at times ignore or circumvent cloud security and compliance policies.

Enterprises lack understanding of applicable regulations and standards: Out of all respondents, 42% do not know which frameworks their company uses to maintain compliance with relevant standards and regulations (such as GDPR, HIPAA, PCI DSS, SOC 2, etc.)

Infrastructure-as-a-Service (IaaS) reigns supreme: When asked about the architectures their organizations currently use or plan to use within the next year to build apps, 42% said IaaS; among larger organizations with 10,000 or more employees, that number goes up to 53%.

The cloud is ubiquitous: Only 7% of respondents work for organizations that do not use any public cloud services, and only 5% reported no plans to adopt public cloud—a significant drop from the 11% who reported no adoption plans last year.

Enterprise multicloud strategies are declining: 64% of this year’s survey respondents confirmed their organization is using two or more cloud services, a 13% decline from last year.