The global pandemic, and associated surge in remote work, has accelerated a massive move to cloud with cloud-first organisations now outnumbering on premise organizations by a ratio of three-to-one.
This was highlighted in a study by Devo Technology, a cloud-native logging and security analytics company, which assessed the current state and pace of change with regards to enterprise cloud transformation initiatives and the ramifications on teams running a Security
As many as 81% of organisations voicing that COVID had accelerated their cloud timelines and plans. Across these companies, there was a 200% jump in organizations planning to move more than 75% of their apps/workloads to the cloud, with 86% of companies placing cloud options in their decision process for new applications, and more than 40% choosing the cloud as their first option.
Jon Oltsik, senior principal analyst & ESG fellow, said: “It could not be more clear from our conversations with these companies that cloud considerations are no longer a project-based decision, but an ‘all-in’ business strategy.
“Even at a time of increasing regulations and risks—and increasing IT complexity driven by cloud computing proliferation – organisations are moving aggressively to transform their businesses.”
With such a massive and rapid shift, the current infrastructure of technology and people are not well aligned with these new realities, according to Devo Technology. Respondents cited significant issues of complexity and overload – most notably, 80% citing as much as 40% more security data on which they need to analyze and act. The staffing costs are also high with 41% citing challenges of increased workload, and 35% identifying a security skill mismatch – all resulting in higher exposure. In 60% of organisations, they have seen an increase in threat and attack complexity and in more than 60%, it has exposed weaknesses in legacy security toolsets.
Ted Julian, SVP of product at Devo, said: “While dramatic change is a constant in security, it’s safe to say that 2020 challenged security professionals in unprecedented ways.
“An amazing and encouraging finding of this study is that nearly a quarter of organizations didn’t just weather the storm of change, they turned it into an opportunity to build for the future.”
ESG designated the 22% of organisations deemed high performing as ‘Cloud Evangelists’, characterising them as businesses with high adoption rates of cloud and cloud-based security controls.
With nearly 80% of these organisations seeing an increase in security spending for cloud, those moving aggressively to transform their security made substantive changes, including:
More than 40% have implemented automated security processes to detect and respond to attacks on cloud workloads.
More than half have instituted cloud security training for the SOC, and 36% added security staff.
Nearly 90% believe their organisation’s public cloud security spending will increase over the next 12 months
The all-in approach taken by Cloud Evangelists has not only allowed organisations to keep pace with change, but also positively affect the operational strength of the business overall, according to Devo Technology. More than 50% said these security changes increased the pace of application development and deployment, and 62% indicated it eased the ability to adopt new technologies. Finally, 56% cited “high confidence” in security visibility into cloud workloads.
These changes by Cloud Evangelists highlight the organisational differences from another group identified in the report, Cloud Adopters (11% of survey participants), which represents organisations that are adopting cloud computing but are not as aggressive toward adoption of cloud-based security controls. When it comes to this group that are on the right track of shifting to the cloud, the report findings showed:
Adopters report a less significant positive impact of cloud computing on adopting new technologies, with only 42% reporting positive impact.
Adopters are also playing catch up to Evangelist when it comes to resources. 36% of Adopters are adding capacity or resources to security compared to 48% among Evangelists.
Adopters are nearly neck-and-neck with Evangelists with 24% strongly agreeing that adopting cloud computing exposed limitations of existing tools in providing security visibility.
The survey was conducted by the Enterprise Strategy Group (ESG) and involved 500 IT and security personnel in the ‘SOC chain of command’ at enterprise-class (i.e., more than 1,000 employees) organisations in North America and Western Europe in January 2021.