The State of Cloud-Native Security, 2023 Report

THE ONLY CONSTANT IS CHANGE

Few can relate to the adage like cloud security professionals.

Cloud security is dynamic and unpredictable, but the move to hybrid work has accelerated change and increased the complexity of application security. As cloud-native application development evolves, so too do organizations’ cloud infrastructure (80% of survey respondents say their cloud infrastructure is evolving). What’s more, the cloud has changed the applications lifecycle, with DevOps now delivering production code at warp speed and security personnel struggling to keep pace.

More than 75% of respondents from this year’s survey are deploying new or updated code to production weekly, and almost 40% are committing new code daily. Add to that the ratio of ten developers for every security professional and the potential for challenges in scale and complexity are not difficult to understand.

In contrast to on-prem environments, cloud computing follows a shared responsibility model. Responsibility for the infrastructure (e.g., compute, networking, and storage) is held with the cloud service provider (CSP) and responsibility for security is shared between the CSP and their customers. But the sharing stops when it comes to responsibility for customers’ applications, data, and access management. Organizations’ security and development teams own this responsibility and must collaborate to successfully secure their cloud environments.

To equip these teams with the resources they need, it’s necessary to understand the challenges they face (whether emergent or perennial), the solutions they use, and the effectiveness of solutions in helping them meet their responsibilities.

How are organizations choosing security tools, and how are those tools being operationalized? Which practices are producing the best security outcomes, and which are hampering efforts? We explored these questions and others in our annual multi-industry survey on the state of cloud-native security.