Cloud security today: Complexity, compliance, and containerization

An new report by Threat Stack and ESG sheds light on the security and business challenges that accompany the growth of public cloud environments and containers. Overall, the findings show a gap in security and compliance readiness across fast-growing cloud and container environments.

One in three cannot maintain cloud security

31% of those surveyed said that they are unable to maintain security as their cloud and container environments grow – a startling figure in the context of today’s threat landscape. As a result, 62% say that they’re seeking greater visibility into their public cloud workloads.

60% of organization call security & compliance an obstacle to winning new business

57% of those surveyed reported significant delays in the sales cycle due to trouble meeting customer security requirements. while 59% reported the same issue around meeting customer compliance requirements. Accordingly, nearly one in three of all investments in cloud security are now driven by the need to satisfy customer and partner compliance demands.

40% of environments will become hybrid in the next 12 months

40% of respondents reported they will have hybrid environments within a year – an increase from the current 12%. Meanwhile, 45% of organizations plan to start testing or deploying containerized environments – above the current 42% who already do.

At the same time, 94% of respondents believe containers have negative security implications for their organizations, pointing towards a potential uptick in container security investment.

Companies of all sizes are adopting increasingly more complex technical solutions as the market democratizes what was previously reserved for software giants,” said Sam Bisbee, Threat Stack CSO. “This has created an opening for external and internal threats as security teams catch up on cloud, containers, and more. This study’s finding that 94% of respondents believe containers make them less secure is a phenomenal example of how both technology and security practitioners do not understand the complex technologies they are adopting. Containers originally focused on resource isolation, offering system building blocks to address specific operational needs that could be coupled with security solutions – they were not supposed to be a replacement for VMs, which is how most teams treat them.”