The State of Cloud Native Security Report 2020


Palo Alto Networks has released its first annual The State of Cloud Native Security Report detailing the practices, tools and technologies that organisations around the world use to manage security for cloud native architecture.

As organisations accelerate to the cloud, and security professionals grow increasingly concerned about the pace of change; the number of available tools detracts from their ability to prioritise risks and prevent threats.

The survey includes insights from 3,000 professionals in cloud architecture, information security, DevOps and application development across several countries, industries, and job roles to assess both the current state of cloud and cloud security.

In Australia, survey results indicated that:

Organisations are accelerating away from physical infrastructure to the cloud, and toward multi-cloud environments.

  • While organisations are currently hosting 44% of their workloads in the cloud, they expect this to rise to 64% in the next two years.
  • 92% of organisations use more than one cloud platform, 56% between two and five.

An increased reliance on the cloud has not brought increased confidence in cloud security posture.

  • 80% say their company’s cloud infrastructure is constantly evolving to meet marketplace demands and to capitalise on new offerings.
  • 73% believe that threats to cloud workloads are outpacing cloud security tools, systems, and solutions.

Multiple security vendors and tools is the norm, but respondents still unsure who is responsible 

  • 65% of companies use more than five security vendors, and 57% use more than five security tools.
  • 31% say their organisation struggles to clearly delineate between the customers’ responsibility for cloud security and their CSP’s responsibility for security.

Disparate security products present gaps in prevention and roadblocks in cloud migration

  • 35% believe that the number of point solutions used to secure our cloud-native workloads create blind spots that detract from the ability to prioritise risk and prevent threats.
  • 73% of the respondents [from highly prepared companies]say that a high number of point solutions creates blind spots that make it more difficult to prioritise risks and prevent threats.

The survey includes a series of cloud security actions common to organisations with high preparedness levels, including leveraging a comprehensive, end-to-end security solution and active collaboration between security and engineering by embracing the principles of DevSecOps.

Sean Duca, vice president and regional chief security officer, Asia Pacific and Japan, Palo Alto Networks noted that, “Many organisations are moving to the cloud because they understand its business benefits. However, security is a key factor that should be a priority from day one. With businesses using more than a single vendor, everyone is responsible for ensuring that the right solutions are in place to secure data, build resilience, and reduce the impact of cyber threats.

“As we plan ahead, companies should look towards deploying a single platform to secure the cloud as it is the best way to optimise for the cloud native architectures and methodologies for today and the future”, he added.

The full report can be accessed here.