- Half of developers and engineers bypass cloud security or compliance policies, according to a DivvyCloud survey of almost 2,000 IT professionals in 2019. But only 58% of organizations have guidelines for developers for building applications in a public cloud.
- While 93% of enterprises are using public cloud, only 40% have cloud and container security strategies. Nearly half, 45%, of respondents said their organizations don't have a cloud management platform, cloud security posture management, cloud access security broker, or cloud workload protection platform.
- In 2019, only 64% of respondents were using two or more cloud services, down from 77% the year prior. The decline likely stemmed from complex security strategies, DivvyCloud said.
While industry knows cloud is king, organizations still struggle to find their rhythm in adoption. Despite the age of software as a service, 5% of organizations have no plans for adopting public cloud and 7% don't use public cloud services, according to the report.
"For many, the move to cloud computing really is the move to software-defined infrastructure," Chris Hertz, chief revenue officer at DivvyCloud, told CIO Dive. It means that for the first time "developers have unfettered access to provision and configure their own infrastructure."
Nearly one-third of respondents who are not adopting public cloud are larger organizations — those with 10,000 or more employees, according to the report. Because large organizations "aren't always homogenous" with layers of business units, "more advanced" business units will adopt the cloud before everyone else.
Most of the security workforce "came of age" before the cloud and in larger organizations data centers account for most of computing, said Hertz. The workforce is facing a paradigm shift of what perimeter protection is, or what it used to be.
Security is no longer "a command and control approach," Hertz said. "Security must be truly democratized to be a function of everyone who is interacting with cloud services."
The larger the company, the larger security target they are. Equifax and Capital One's data breaches resulted from flaws in web applications. Data breaches are a top of mind issue as they cost enterprises $5 trillion in 2018 and 2019.
The majority of breaches, 59%, were caused by cloud misconfigurations, according to the report.
Ultimately misconfigurations don't fall onto the cloud provider as they ensure security of the cloud while their customers are responsible for what's in the cloud.
Before the cloud, there was usually a select group of individuals well-versed in security and privacy compliance measures. However, because the cloud democratized workflows, a "knowledge gap" is forming, said Hertz. There are "people now involved in the creation and configuration of cloud services don't understand the compliance requirements or don’t fully understand them."