Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

6/9/2021
11:20 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Devo Report Reveals Cloud Security Priorities of 'Pandemic-Evolved' Businesses

CAMBRIDGE, Mass., June 09, 2021 (GLOBE NEWSWIRE) -- Devo Technology, the cloud-native logging and security analytics company, today announced the results of a report assessing the current state and pace of change with regards to enterprise cloud transformation initiatives and the ramifications on teams running a Security Operations Center (SOC). The report, “Beyond Cloud Adoption: How to Embrace the Cloud for Security and Business Benefits,” found that the global pandemic accelerated business transformation far past the cloud tipping point and uncovered severe and far reaching implications for security teams. It also revealed that forward-thinking and high performing organizations took this opportunity to face the challenges head-on, and their businesses are far better for it—with more than half of high performing organizations seeing gains in capabilities and visibility.

The findings come from a survey conducted by the Enterprise Strategy Group (ESG) comprising 500 IT and security personnel in the ‘SOC chain of command’ at enterprise-class (i.e., more than 1,000 employees) organizations in North America and Western Europe in January 2021.

The global pandemic, and associated surge in remote work, accelerated a massive move to cloud with cloud-first organizations now outnumbering on premise organizations by a ratio of three-to-one, with 81 percent of organizations voicing that COVID had accelerated their cloud timelines and plans. Across these companies, there was a 200 percent jump in organizations planning to move more than 75 percent of their apps/workloads to the cloud, with 86 percent of companies placing cloud options in their decision process for new applications, and more than 40 percent choosing the cloud as their first option.

“It could not be more clear from our conversations with these companies that cloud considerations are no longer a project-based decision, but an ‘all-in’ business strategy,” said Jon Oltsik, Senior Principal Analyst & ESG Fellow. “Even at a time of increasing regulations and risks—and increasing IT complexity driven by cloud computing proliferation—organizations are moving aggressively to transform their businesses.”

With such a massive and rapid shift, the current infrastructure of technology and people are not well aligned with these new realities. Respondents cited significant issues of complexity and overload—most notably, 80 percent citing as much as 40 percent more security data on which they need to analyze and act. The staffing costs are also high with 41 percent citing challenges of increased workload, and 35 percent identifying a security skill mismatch—all resulting in higher exposure. In 60 percent of organizations, they have seen an increase in threat and attack complexity and in more than 60 percent, it has exposed weaknesses in legacy security toolsets.

“While dramatic change is a constant in security, it’s safe to say that 2020 challenged security professionals in unprecedented ways,” said Ted Julian, SVP of Product at Devo. “An amazing and encouraging finding of this study is that nearly a quarter of organizations didn’t just weather the storm of change, they turned it into an opportunity to build for the future.”

ESG designated the 22 percent of organizations deemed high performing as “Cloud Evangelists,” characterizing them as businesses with high adoption rates of cloud and cloud-based security controls. With nearly 80 percent of these organizations seeing an increase in security spending for cloud, those moving aggressively to transform their security made substantive changes, including:

  • More than 40 percent have implemented automated security processes to detect and respond to attacks on cloud workloads.
  • More than half have instituted cloud security training for the SOC, and 36 percent added security staff.
  • Nearly 90 percent believe their organization’s public cloud security spending will increase over the next 12 months

The all-in approach taken by Cloud Evangelists has not only allowed organizations to keep pace with change, but also positively affect the operational strength of the business overall. More than 50 percent said these security changes increased the pace of application development and deployment, and 62 percent indicated it eased the ability to adopt new technologies. Finally, 56 percent cited “high confidence” in security visibility into cloud workloads.

These changes by Cloud Evangelists highlight the organizational differences from another group identified in the report, Cloud Adopters (11 percent of survey participants), which represents organizations that are adopting cloud computing but are not as aggressive toward adoption of cloud-based security controls. When it comes to this group that are on the right track of shifting to the cloud, the report findings showed:

  • Adopters report a less significant positive impact of cloud computing on adopting new technologies, with only 42 percent reporting positive impact.
  • Adopters are also playing catch up to Evangelist when it comes to resources. Thirty six percent of Adopters are adding capacity or resources to security compared to 48 percent among Evangelists.
  • Adopters are nearly neck-and-neck with Evangelists with 24 percent strongly agreeing that adopting cloud computing exposed limitations of existing tools in providing security visibility.

About Devo
Devo is the only cloud-native logging and security analytics platform that releases the full potential of your data to empower bold, confident action. With unrivaled scale to collect all of your data without compromise, speed to give you immediate access and answers, and clarity to focus on the signals that matter most, Devo is your ally in protecting your organization today and tomorrow. Headquartered in Cambridge, Mass., Devo is backed by Insight Partners, Georgian, and Bessemer Venture Partners. Learn more at www.devo.com.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Google's new See No Evil policy......
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24368
PUBLISHED: 2021-06-20
The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin WordPress plugin before 7.1.18 did not sanitise or escape its result_id parameter when displaying an existing quiz result page, leading to a reflected Cross-Site Scripting issue. This c...
CVE-2021-31664
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-33185
PUBLISHED: 2021-06-18
SerenityOS contains a buffer overflow in the set_range test in TestBitmap which could allow attackers to obtain sensitive information.
CVE-2021-33186
PUBLISHED: 2021-06-18
SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-31272
PUBLISHED: 2021-06-18
SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation.