Palo Alto Networks Global State of Cloud-Native Security Survey
This Survey Revealed 90% of Organizations Cannot Detect, Contain and Resolve Cyberthreats Within an Hour
Palo Alto Networks (NASDAQ: PANW), the global cybersecurity leader, published its 2023 State of Cloud-Native Security Report. The report surveyed more than 2,500 C-level executives around the world to better understand their cloud adoption strategies, and how those strategies are working.
With organizations of all sizes moving more of their operations to the cloud, a majority are struggling to automate cloud security and mitigate risks. It’s one reason why many companies are trying to improve security earlier in the development process, and looking for fewer vendors that can offer more security capabilities.
Cloud Use Has Grown, Along With Security Concerns – The expansion of hybrid work during the pandemic drove organizations to expand their use of clouds by more than 25%. As a result, DevOps teams are being pressed to deliver production code at warp speed — making application security more complex, and putting pressure on security organizations to keep pace.
Most Organizations are Slow to Detect and Respond to Threats – 90% of organizations we surveyed said they cannot detect, contain and resolve cyber threats within an hour. A majority reported a weak security posture, and believe they need to improve their underlying activities — from gaining visibility into multiple clouds, to applying more consistent governance across accounts, to streamlining incident response and investigation.
Teams Don’t Understand Their Security Responsibilities – When asked about the challenges of moving to the cloud, respondents’ top concerns remained unchanged from our 2020 report: struggles with comprehensive security, compliance, and technical complexity. A large majority (78%) of organizations said they have distributed responsibility for cloud security to individual teams, but almost half (47%) said a majority of their workforce does not understand their security responsibilities.
A Greater Need for Code-to-Cloud Security – As more applications are being built in the cloud using off-the-shelf software, there’s a risk that any vulnerability in the development process could compromise an entire application later on. That’s why more companies are encouraging a deeper level of engagement between application developers and security tools and teams — with 81% of respondents saying they have embedded security professionals inside their DevOps teams.
“With three out of four organizations deploying new or updated code to production weekly, and almost 40% committing new code daily, no one can afford to overlook the security of cloud workloads,” said Ankur Shah, senior vice president, Prisma Cloud, Palo Alto Networks. “As cloud adoption and expansion continues, organizations need to adopt a platform approach that secures applications from code to cloud across multicloud environments.”
Moving Towards Consolidation – Three quarters of the leaders we surveyed say they struggle to identify which security tools are necessary to achieve their objectives. This has led many of them to implement numerous single point solutions — with the average organization using more than 30 security tools, including six to 10 dedicated to cloud security.
The sheer number of security tools makes it difficult for leaders to have in-depth visibility into their entire cloud portfolio. 76% of survey respondents reported that using multiple security tools creates blind spots that affect their ability to prioritize risk and prevent threats. And 80% said they would benefit from a centralized security solution that sits across all of their cloud accounts and services.
A Clear Path Forward – Despite the upheaval caused by the pandemic, organizations have mostly been able to succeed in their cloud expansions — and organizations that made cloud infrastructure a strategic focus across the business were generally more successful. This makes cloud security a clear enabler of business outcomes.
Of course better security does not guarantee success. But having security under control — consolidating tools and vendors and using proven DevSecOps and security automation strategies — lets development teams do their jobs better, and gives organizations the tools they need to succeed.