The State of Cloud Security

Cloud computing is fundamentally delivering on its promised business outcomes, including flexible capacity and scalability, increased agility, improved availability, and accelerated deployment and provisioning.

However, security concerns remain a critical barrier to faster cloud adoption, showing little signs of improvement in the perception of cloud security professionals. Cloud adoption is further inhibited by a number of related challenges that prevent the faster and broader embracement of cloud services, including the continued lack of cloud security talent, proliferating compliance requirements, and a significant lack of visibility and control, especially in hybrid and multi-cloud environments.

Cybersecurity Insiders and Fortinet conducted a comprehensive survey of 752 cybersecurity professionals on the state of cloud security earlier in 2023 and the resulting Cloud Security Report revealed a variety of key challenges and priorities, including:


  • Cloud security continues to be a significant issue, with 95% of surveyed organizations concerned about their security posture in public cloud environments. Misconfiguration remains the biggest cloud security risk, according to 59% of cybersecurity professionals. This is closely followed by exfiltration of sensitive data and insecure interfaces/APIs (tied at 51%), and unauthorized access (49%).


  • Despite economic headwinds, cloud security budgets are increasing for the majority of organizations (60%) by an average of 33%.


  • 44% of organizations are looking for ways to achieve better visibility and control in securing hybrid and multi-cloud networks, with 90% looking for a single cloud security platform to protect data  consistently  and  comprehensively  across  their  cloud  footprint.


Despite a leveling out of cloud adoption year-over-year, the pace of moving workloads to the cloud remains strong. Today, 39% of respondents have more than half of their workloads in the cloud, while 58% plan to reach this level in the next 12–18 months.


As workloads move to the cloud, organizations are selecting the cloud platform that’s the best fit for each project. This is driving multi-cloud proliferation with nearly seven out of 10 companies in our survey using two or more cloud providers (69%).


Which cloud providers are organizations prioritizing? The big name providers, such as Microsoft Azure (72%) and Amazon Web Services (67%), continue to dominate the market. However, future cloud adoption is highest for Google Cloud Platform (+21%) and Oracle Cloud (+20%).


It seems the cloud is not just about compute and storage. Interestingly, security services are the top workload deployed in the cloud (56%), just ahead of compute (54%), storage (52%), and even applications (51%).



While the cloud offers important advantages, significant barriers to cloud adoption still exist. The biggest challenges organizations are facing are not primarily about technology, but people and processes. Most critical is the perennial lack of qualified staff (37%), which continues to be the largest impediment to faster adoption, despite dropping slightly from last year. This is closely followed by legal and regulatory compliance (30%), data security issues (29%), and integration with existing IT environments (27%).



After years of cloud adoption, do organizations believe cloud computing is delivering on its promise? The answer is yes. Cloud users affirm that the cloud is delivering key business benefits, including flexibility and scale (53%), agility (45%), business continuity (44%), and accelerated deployment and provisioning (41%). This is the first year that accelerated deployment has made it into the top four, leapfrogging both performance and the move to variable OpEx.



The benefits of the cloud are driving key business outcomes, and this year responsiveness to customer needs (52%) becomes the top outcome instead of accelerated time to market (48%). Organizations that are smart about integrating cybersecurity into their move to the cloud are also seeing its value to the business in lower risk and improved security (42%) and in cost reductions (41%).



Despite increasing cloud adoption, cloud security concerns show no signs of improving. Virtually all surveyed organizations are moderately to extremely concerned about their security posture in public cloud environments (95%). The number of organizations that are extremely concerned about public cloud security even increased this year — 35%, up from 32%.


Concerns about public cloud security, combined with a lack of resources and expertise, are driving the perception that the risk of a security breach in the public cloud is higher than in traditional on- premises environments (43%). Only 27% of security professionals perceive risk to be lower in a public cloud environment.


Cybersecurity professionals face numerous challenges when it comes to protecting cloud workloads. The people factor again sits at the top of the list, lack of qualified security staff (43%), closely followed by compliance (37%). Multi-cloud proliferation is almost certainly the reason behind the headache of delivering consistent security policies (32%).


Multi-cloud environments increase the complexity and challenges of securing cloud workloads. The people factor and the expertise that multi-cloud environments demand is clearly highlighted in the fact that three out of the four top challenges are related to having the right skills, along with an in-depth understanding of each cloud platform.


Which cloud security threats keep cybersecurity professionals up at night? The same top four as last year, with misconfiguration continuing to hold the top spot, according to 59% of cybersecurity professionals. This is closely followed by the exfiltration of sensitive data and insecure interfaces/APIs (tied at 51%), and unauthorized access (49%).


Security professionals are using their cloud budgets wisely to address the threats and concerns that pose the biggest risk to the business. It may be no surprise that preventing misconfiguration is the number one priority (51%), but securing applications that have already moved to the cloud is a close second (48%).


The cloud allows organizations to get the same advantages for their security services as they have for their applications and workloads. This includes better scalability (56%), faster time to deployment (48%), reduced effort around patches and upgrades of software (43%), and cost savings (40%).


In light of the challenges regarding security visibility and lack of cyber talent, it comes as no surprise that the vast majority of respondents (90%) consider it moderately to extremely helpful to have a single cloud security platform and dashboard to protect data consistently and comprehensively across their cloud footprint.


The 2023 Cloud Security Report is based on a comprehensive global survey of 752 cybersecurity professionals conducted in February 2023, to uncover how cloud user organizations are adopting the cloud, how they see cloud security evolving, and what best practices IT cybersecurity leaders are prioritizing in their move to the cloud. The respondents range from technical executives to IT security practitioners, representing a balanced cross-section of organizations of varying sizes across multiple industries.


No posts to display