Organizations are moving applications to the cloud and embracing digital transformation strategies to speed development cycles and better serve employees, partners, and customers. However, the subsequent faster release cycles and broad internet exposure increases the number of potential security incidents caused by misconfigurations, including a high number of those that are identity-related. Security teams are looking for efficient ways to drive actions that reduce security risk, including trimming excessive access permissions and fixing coding issues that make them vulnerable to attack.
In order to gain further insights into these trends, TechTarget’s Enterprise Strategy Group (ESG) surveyed 383 IT and cybersecurity decision makers responsible for evaluating or purchasing cloud security technology products and services at midmarket (100 to 999 employees) and enterprise (1,000 or more employees) organizations in North America (US and Canada).
This study sought to answer the following questions:
- Of all the production server workloads used by organizations, approximately what percentage is run on public cloud infrastructure services today? How is this expected to change over the next 24 months?
- To what extent do organizations plan to incorporate security processes and controls via their DevOps processes (i.e., DevSecOps)?
- What are the biggest cloud security challenges organizations face? What issues, if any, associated with the misconfiguration of a cloud application or service have organizations detected within the last 12 months?
- What were the most effective steps organizations have taken to improve the security posture of their cloud-native applications, infrastructure, and development environment?
- Which group has the primary responsibility for securing organizations’ cloud-native applications and infrastructure? Which groups implement and operate the cybersecurity controls organizations employ to secure cloud-native applications?
- What role, if any, did cloud entitlements play in any cybersecurity incidents organizations experienced due to multiple misconfigurations? Have cloud entitlements caused organizations to fail a security audit?
- How important is CIEM to organizations in terms of reducing security risk?
- What are the top business drivers behind investments in CSPM? What attributes would be most attractive to organizations as part of a comprehensive CSPM product offering?
- What types of CSPM tools are organizations using?
- Relative to other areas of cybersecurity, how do organizations expect their level of investment in CSPM to change, if at all, over the next 12 months?
Survey participants represented a wide range of industries including manufacturing, technology, financial services, and retail/wholesale. For more details, please see the Research Methodology and Respondent Demographics sections of this report.