SUSE yesterday released findings from its industry trend report "Securing the Cloud" which sheds light on the pressing challenges faced by IT teams in securing cloud environments and offers insights into effective solutions. Based on comprehensive polling of 501 C-suite to IT professionals across the United States, Germany and the United Kingdom, the report highlights the state of cloud native adoption, major security concerns, and how to address them.
The survey found IT decision makers have experienced, on average, four cloud-related security incidents in the past year, going up to five for those in the U.S. and down to three for those in Europe. This contributes to concerns about security holding back cloud technologies, as 88% of professionals agreed that if they were certain about the integrity of their data, they would be more inclined to migrate additional workloads to the cloud and edge.
- Data stores as top cloud security concern: 31% of respondents named data stores hosted by cloud or third parties as their top cloud security concern
- Strong secondary concerns: Runtime attacks from threat actors, security policy management, federation, and automation follow closely behind data stores as secondary concerns (29% each)
- U.S. vs. European cloud security priorities: U.S. IT decision makers (35%) are significantly more likely than those in Europe (25%) to believe that security policy management, federation and automation are among their biggest cloud security concerns.
On average, those surveyed said they spend just over a third (36%) of their overall IT budget on cloud native security. This is significantly higher for U.S. (42%) than European (33%) respondents.
In terms of current cloud security practices, both security automation and container firewall are widely adopted, each accounting for 38% of the overall usage. This is followed by security policies and management tools provided by cloud vendors at 36% and security policy automation at 34%. Several cloud security practices exhibit significantly higher popularity among IT decision makers based in the U.S. compared to their counterparts in Europe. These practices include CSPM (Cloud Security Posture Management), CWPP (Cloud Workload Protection Platform) and CNAPP (Cloud Native Application Protection Platform) solutions, which are favored by 42% of U.S.-based decision makers compared to 26% in Europe.
Similarly, the usage of free or paid observability or security tools is higher among U.S. decision makers (33%) compared to those in Europe (24%). The same trend can be observed for PSP (Policy Security Policy) or PSA (Policy Security Automation) policies (31% versus 22%), Kubernetes network policies (32% versus 15%), and free CVE (Common Vulnerabilities and Exposures) or paid scanner (26% to 18%).
In the coming years, a significant portion of IT decision makers (33%) foresee increased re-evaluation and prioritization of goals related to source-code auditability, the process of running tests and manual codebase inspection to detect bug. While 30% will prioritize build quality and 28% of respondents will prioritize SBOM depth/quality/security.
When comparing respondents based in the U.S. and Europe, it is evident that U.S. respondents will place a higher priority on source-code auditability (45%) and SBOM depth/quality/security (36%) to ensure businesses meet supply chain security goals. In comparison, Germany and the U.K. are falling behind in terms of source-code auditing priorities (just 23% and 26%, respectively), and spend less on cloud native security. On the other hand, European participants (40%) are significantly more likely to anticipate a re-evaluation of goals on build quality compared to their U.S. counterparts (15%).
Source: more.suse.com/securing-the-cloud-report_download-thank-you.html
Thomas Di Giacomo, Chief Technology and Product Officer of SUSE
At SUSE, we recognize that every business is on a journey of digital transformation, a transformation to be vastly accelerated by open source solutions. Our 'Securing the Cloud' trend report highlights the perspectives of IT teams grappling with the growing adoption of complex cloud native technologies. The global threat landscape is continuously evolving to create new security challenges. We are well positioned to support businesses choosing secure open source solutions for their most mission-critical and innovative workloads as they transform with the cloud.
