Cybersecurity is a growing concern.
A successful technology company listens to its customers. Vendors of every size maintain customer advisory councils for face-to-face input. They hold focus groups and engage industry analysts. These companies also commission primary research to get a feel for where the market is heading and how their products must evolve to stay relevant.
While every company pursues such customer research to some degree, only some share the results with the world. After all, why should I enable my competitor? Doing so takes confidence. Palo Alto Networks has that confidence, releasing the results of its 2023 State of Cloud-Native Security Report this week.
This is the third year that Palo Alto Networks published its global survey of more than 2,500 C-level executives. The survey is designed to help better understand enterprise cloud and cloud-native adoption, highlighting those areas where security is a concern. Some of the results are predictable, but you might be surprised by others. I know I was.
Every enterprise has some presence in the cloud, so it’s almost become cliché to talk about how IT is now a hybrid-cloud world. As we’ve embraced the cloud, we’ve also embraced cloud-native architectures for application packaging and deployment. Containers are commonplace and only growing in adoption.
Palo Alto Networks reports that organizations have increased cloud usage by more than 25% from the year prior. That increase matches what research firm Canalys says, with Canalys showing 29% growth in the public cloud market. These are big numbers. Canalys tells us that the worldwide cloud market was worth $247B last year.
Common wisdom holds that enterprises adopt the cloud because of its flexible OpEx-driven cost structure. While there’s no question that this was once true, Palo Alto is reporting that the reasons for cloud adoption have shifted. Instead of cost, enterprises look to the cloud for its flexibility, which enables greater efficiencies and agility. Cost didn’t even make the list this year.
Palo Alto reports that, beyond flexibility, enterprises are adopting cloud and cloud-native technologies to improve processes and workflows, mitigate business and regulatory risk, and help drive expansion into new markets.
It’s interesting to note that mitigating risk is a core driver for cloud adoption, as the survey details the risks inherent in the model. For example, 90% of organizations said they could not detect, contain, and resolve cyber threats within an hour.
Cloud-native technologies are all about application velocity. Here are some quick numbers from Palo Alto’s report that describe the organizational agility that IT teams can achieve with cloud-native:
· 77% of respondents deploy new or updated code to production weekly.
· 38% are committing new code daily.
· 17% deploy new or updated code multiple times per day.
Much of this agility and velocity are enabled by open-source applications, libraries, and tools. This is what’s known as the software supply chain, and the software supply chain is under frequent attack. Ensuring the integrity of software dependencies is a complex challenge. Palo Alto reports that 81% of its respondents embed security professionals into their DevOps teams.
Integrating security into DevOps teams is much needed. Palo Alto shared that more respondents experienced risk introduced early in application development than any other event. Thirty-two percent of respondents reported that a lack of visibility into vulnerabilities across cloud resources led to a security incident.
Given that cybersecurity routinely tops the list of CIO concerns, I was most surprised by how unprepared many survey respondents seem to be. Security in the cloud is more critical than securing on-prem resources. Cloud comes with a big pipe to the wilderness that is the global internet. Leaving your door unlocked can be instantly catastrophic.
Here’s a scary statistic: 78% of organizations have distributed responsibility for cloud security to individual teams, while 47% said most of their workforce does not understand their security responsibilities. Let that sink in.
Managing holistic security across teams and embedding security across the development lifecycle are the top two challenges for IT organizations. Some tools can help address this challenge, but there is also a danger of over-tooling. Managing too many tools can increase complexity, amplifying the problem.
The survey showed that 81% of respondents said they would benefit from a centralized security solution across all their cloud accounts and services. It goes on to say that 78% of respondents believe cloud security needs greater straight-out-of-the-box operation. Here, the survey meets the practical solutions offered by Palo Alto Networks.
I asked Ankur Shah, senior vice president and general manager of Palo Alto’s Prisma Cloud business, what his key takeaway was from this report. Mr. Shah told me the report highlights that securing cloud-native starts with the application developer. This is a true code-to-cloud journey. And we’re just getting started as an industry.
Palo Alto Networks services this space with its Prisma Cloud offering. Prisma Cloud is Palo Alto’s platform to secure nearly everything an enterprise runs in the public cloud. However, Prisma Cloud goes well beyond simple network security. The offering is architected for cloud-native and integrates directly into developer workflows to identify vulnerabilities before they make it to a production environment.
At the recent Barclays Global Technology, Media, and Telecommunications Conference, Palo Alto CEO Nikesh Arora said he expects Prisma Cloud to evolve into a $1B/year business over the next 12 to 18 months. That’s a strong statement, but one I believe. The recent Bridgecrew and Cider Security acquisitions give Palo Alto Networks an enviable amount of intellectual property to address this problem. As a result, the company is far ahead of its competitors in this space.
Prisma Cloud is the largest cloud security solution on the market. Palo Alto Networks says its Prisma offering is growing at 48% year-on-year. Within the Global 2000, Prisma is growing at more than 39% year-on-year. The market continues to expand with enterprise cloud adoption.
Managing security risks in the cloud and within cloud-native architectures is challenging. The risks inherent in these models, and the attack surfaces they contain, are very different from more traditional server-focused infrastructure. This survey highlights precisely how different the world we now live in really is.
There’s far more to say about cloud-native cybersecurity than I can fit into this column, and so
I’ve only lightly touched on a few highlights from Palo Alto’s report. I encourage you to download and read through it yourself. You’ll find that, whatever challenges your organization might face as you manage your cloud-native activities, you’re not alone. In a world where enterprises don’t like to talk about security breaches, that may be the most valuable takeaway of all.
Disclosure: Steve McDowell is an industry analyst, and NAND Research an industry analyst firm, that engages in, or has engaged in, research, analysis, and advisory services with many technology companies, which may include those mentioned in this article. Mr. McDowell does not hold any equity positions with any company mentioned in this article.