SUSE, a global leader in innovative, open and secure enterprise-grade solutions, released findings from its industry trend report “Securing the Cloud,” which sheds light on the pressing challenges faced by IT teams in securing cloud environments and offers insights into effective solutions. Based on comprehensive polling of 501 C-suite to IT professionals across the United States, Germany and the United Kingdom, the report highlights the state of cloud native adoption, major security concerns, and how to address them.
Dr. Thomas Di Giacomo, Chief Technology and Product Officer of SUSE, said, “At SUSE, we recognize that every business is on a journey of digital transformation, a transformation to be vastly accelerated by open source solutions. Our ‘Securing the Cloud‘ trend report highlights the perspectives of IT teams grappling with the growing adoption of complex cloud native technologies. The global threat landscape is continuously evolving to create new security challenges. We are well positioned to support businesses choosing secure open source solutions for their most mission-critical and innovative workloads as they transform with the cloud.”
Cloud security fear is growing and a top priority
The survey found IT decision makers have experienced, on average, four cloud-related security incidents in the past year, going up to five for those in the US and down to three for those in Europe. This contributes to concerns about security holding back cloud technologies, as 88% of professionals agreed that if they were certain about the integrity of their data, they would be more inclined to migrate additional workloads to the cloud and edge.
- Data stores as top cloud security concern: 31% of respondents named data stores hosted by cloud or third parties as their top cloud security concern
- Strong secondary concerns: Runtime attacks from threat actors, security policy management, federation, and automation follow closely behind data stores as secondary concerns (29% each)
- US vs. European cloud security priorities: U.S. IT decision makers (35%) are significantly more likely than those in Europe (25%) to believe that security policy management, federation and automation are among their biggest cloud security concerns.
CIO INFLUENCE: CIO Influence Interview with Pete Lilley, Vice President and GM at Instaclustr
Cloud native security accounts for over a third of overall IT budgets
On average, those surveyed said they spend just over a third (36%) of their overall IT budget on cloud native security. This is significantly higher for U.S. (42%) than European (33%) respondents.
In terms of current cloud security practices, both security automation and container firewall are widely adopted, each accounting for 38% of the overall usage. This is followed by security policies and management tools provided by cloud vendors at 36% and security policy automation at 34%. Several cloud security practices exhibit significantly higher popularity among IT decision makers based in the US compared to their counterparts in Europe. These practices include CSPM (Cloud Security Posture Management), CWPP (Cloud Workload Protection Platform) and CNAPP (Cloud Native Application Protection Platform) solutions, which are favored by 42% of U.S.-based decision makers compared to 26% in Europe.
Similarly, the usage of free or paid observability or security tools is higher among U.S. decision makers (33%) compared to those in Europe (24%). The same trend can be observed for PSP (Policy Security Policy) or PSA (Policy Security Automation) policies (31% versus 22%), Kubernetes network policies (32% versus 15%), and free CVE (Common Vulnerabilities and Exposures) or paid scanner (26% to 18%).
CIO INFLUENCE: Nextira Selected by Ansys Technology Partner Program to Support Customers Implementing Ansys Gateway Powered by AWS
Qualitative feedback from respondents highlighted that open source software carries key benefits: capturing developer attention and harnessing the openness of the code plus the collective wisdom to identify potential security vulnerabilities.
Source-code auditability will emerge as a next battleground
In the coming years, a significant portion of IT decision makers (33%) foresee increased re-evaluation and prioritization of goals related to source-code auditability, the process of running tests and manual codebase inspection to detect bug. While 30% will prioritize build quality and 28% of respondents will prioritize SBOM depth/quality/security.
When comparing respondents based in the U.S. and Europe, it is evident that U.S. respondents will place a higher priority on source-code auditability (45%) and SBOM depth/quality/security (36%) to ensure businesses meet supply chain security goals. In comparison, Germany and the U.K. are falling behind in terms of source-code auditing priorities (just 23% and 26%, respectively), and spend less on cloud native security. On the other hand, European participants (40%) are significantly more likely to anticipate a re-evaluation of goals on build quality compared to their U.S. counterparts (15%).
CIO INFLUENCE: General Data Protection Regulation (GDPR) Anniversary
[To share your insights with us, please write to sghosh@martechseries.com]