Organizations and the cloud: How they use it and how they secure it

The Cloud Security Alliance (CSA) released the findings of its latest survey which offers insight into companies’ plans regarding cloud and security strategy, cloud services, and cloud-related technologies.

“Cloud is a continuously evolving space with new services, strategies, and technologies springing up seemingly overnight. It’s imperative, therefore, that organizations regularly change and adapt their approach to cloud and cloud security,” said Hillary Baron, lead author and research analyst, Cloud Security Alliance.

“While many of the survey’s findings were in line with what we would expect, it was surprising that some technologies that have garnered the most hype are not, in fact, what organizations are planning to implement.”

Few have a fully implemented privacy-by-design strategy

Despite the introduction of the GDPR in 2018, privacy-by-design is in the development stage with 65% of the organizations either currently building or planning to build the strategies, while only eight percent of respondents indicated having a fully implemented privacy-by-design strategy.

Similarly, the survey found that while blockchain and distributed ledger technology have been hyped for years, implementation rates have stagnated, likely as a result of high failure rates stemming from a lack of technical knowledge coupled with a high demand on resources. Quantum-safe security and 5G are also not seeing widespread implementation to date, with further analysis needed to analyze causes and predict a more robust implementation timeline.

“The results of this survey were just as notable for what it did find, as what it didn’t reveal. The growing popularity of artificial intelligence, machine learning, and zero trust, for instance, was definitely in keeping with what we have been hearing anecdotally across the industry, but there were also some surprises in what companies aren’t using.

“While multi-cloud adoption is strongly favored, many organizations are facing challenges in taking deployments to a next level. There is a higher need to provide security technologies that help alleviate these concerns,” said Satya Divadari, Head of Enterprise Security Architecture, CyberRes.

Companies’ cloud technologies plans

• Organizations are utilizing multi-cloud despite the challenges.
• Although the concept of privacy-by-design was introduced over a decade ago, 26 percent of organizations have no plans to implement a privacy-by-design strategy, indicating low maturity in this space.
• The top three cloud-related technologies that organizations plan to implement in the next two years are zero trust (60%), artificial intelligence (AI)/machine learning (43%), and serverless computing (42%).
• Use of software-defined perimeter (47%), attack service management (45%), and Cloud Security Posture Management (45%) is expected to increase in the next two years.
• The top technologies that organizations are not planning to use are blockchain (59%), quantum-safe security (54%), and 5G (49%).