New Report Shows Cloud Adoption Ambivalence

Did you see the new report published by DivvyCloud? It was their 2020 State of Enterprise Cloud Adoption and Security report, and they released it in early April. 

This report shows that, as Thomas Martin, the founder of NephōSec, put it, “…in almost all cases, legacy IT processes and policies have not kept pace with how cloud resources are being deployed.”

Most astonishingly, this report finds that 85% of enterprises believe cloud adoption is necessary for innovation, but less than half are equipped to operate in the cloud securely. Furthermore, only 58% of enterprises have clear guidelines and policies for developers building applications in the cloud, and 25% say these policies are not enforced.

“Enterprises believe they must choose between innovation and security—a false choice we see manifested in the results of this report, as well as in conversations with our customers and prospects,” said Brian Johnson, chief executive officer and co-founder at DivvyCloud in the pre-launch press release. 

He continued, “Only 35% of respondents do not believe security impedes developers’ self-service access to best-in-class cloud services to drive innovation—meaning 65% believe they must choose between giving developers self-service access to tools that fuel innovation and remaining secure.

“The truth is, security issues in the cloud can be avoided. By employing the necessary people, processes, and systems at the same time as cloud adoption (not weeks, months, or years later), enterprises can reap the benefits of the cloud while ensuring continuous security and compliance.” 

Additional key findings of the report include: 

  • Automation is Coveted but Not Leveraged in Cloud Security: Nearly 70% of all respondents believe that automation can provide benefits to their organization’s cloud security strategy, but only 48% say their cloud security strategy currently incorporates products that leverage automation. The vast majority of respondents (85%) trust automated security solutions more than or the same as human security professionals.
  • Developers and Security are Misaligned: Almost half (49%) of all respondents whose organizations use public cloud said their developers and engineers at times ignore or circumvent cloud security and compliance policies.
  • Enterprises Lack Understanding of Applicable Regulations and Standards: Out of all respondents, 42% do not know which frameworks their company uses to maintain compliance with relevant standards and regulations (such as GDPR, HIPAA, PCI DSS, SOC 2, etc.)
  • Infrastructure-as-a-Service (IaaS) Reigns Supreme: When asked about the architectures their organizations currently use or plan to use within the next year to build apps, 42% said IaaS; among larger organizations with 10,000 or more employees, that number goes up to 53%
  • The Cloud is Ubiquitous: Only 7% of respondents work for organizations that do not use any public cloud services, and only 5% reported no plans to adopt public cloud—a significant drop from the 11% who reported no adoption plans last year
  • Enterprise Multicloud Strategies are Declining: 64% of this year’s survey respondents confirmed their organization is using two or more cloud services, a 13% decline from last year

Click here to get your copy of the 2020 State of Enterprise Cloud Adoption and Security report.