Public cloud investment is expanding rapidly in 2017, with Gartner projecting 18% growth over the course of this year, including 36.8% growth for the SaaS market alone. We recently conducted a survey with ESG Strategy Group (Threat Stack Cloud Security Report 2017: Security at Speed & Scale) to find out what the business drivers are behind this growth. This is what we learned.
Complex Infrastructures, Complex Decisions
Many businesses today find themselves with some sort of hybrid environment — a mix of on-prem, private cloud, public cloud, and containers. This poses a challenge for both security and compliance. How can you gain sufficient visibility into a complex environment like this? Given the state of today’s threat landscape (you’ve read the headlines!), it has never been more important to cast a wide net when it comes to intrusion detection, keeping watch for both internal and external threats.
Compliance as a Major Driver
The Threat Stack / ESG report found that compliance is a driving force behind investment in security solutions today. The majority of organizations are beholden to at least one compliance or regulatory framework — from SOC 2 to HIPAA to PCI DSS — and so it has become a difficult area to ignore. We learned that 31% of investments in cloud security today are driven by external compliance demands such as customer requirements. However, 59% of our respondents said that meeting customer prospects’ compliance requirements often slows down the sales process.
As compliance becomes a business imperative and customers demand it before signing agreements, there are financial stakes on the table for those who don’t do what it takes to meet compliance standards.
Achieving compliance with complex cloud environments can seem challenging at first. However, it is also, in many ways, easier to gain visibility into cloud infrastructure, especially if you implement a comprehensive intrusion detection platform (IDP) — which can satisfy many requirements around monitoring, detection, audit trails, and more.
The bottom line: Compliance is the number one driver behind cloud security tool investment today, and it is table stakes for many businesses. Don’t put it off.
But Don’t Forget Security
Of course, compliance is not the only thing that organizations have in mind today. The ongoing data breaches that splash across the headlines every day make it clear that security is also a major concern.
This is further complicated by the need to address customer-driven security requirements. Similar to compliance, we found that 57% of respondents indicated that security requirements from prospective customers were delaying their sales cycles.
One thing our survey respondents clearly understand is that security and compliance are not abstract requirements. Shortcomings in these areas often lead to real slowdowns in sales cycles, decreased operational efficiencies, and interrupted delivery of new products to market. These problems, of course, have a direct negative impact on the bottom line. Perhaps most ironically, this can reduce the gains that come from the increased efficiency and scale that the cloud and containers offer.
In other words, meeting compliance and security concerns is not a nice-to-have: It is a business imperative today.
The Bottom Line
In order for compliance and security to scale as quickly as cloud environments do today, effective controls must be offered via unified platforms that can dynamically adapt to changes in the environment. Because change they will!
In addition to technology considerations, security leaders must work with their leadership and stakeholders to educate them on the importance of a shared responsibility model to maintain security. There is no “them” and “you” when it comes to a security mindset. The mindset should be “all of us” because ultimately everyone in the business is affected if a worst-case scenario of a data breach occurs. An intrusion detection platform allows this team-based approach to security to become a workflow that supports the speed of business.
When cloud security is approached from this holistic, integrated perspective, organizations can begin to derive the full value that the cloud offers — speed and security at scale.
We recommend that all businesses today, regardless of where they are in the cloud adoption lifecycle, develop an integrated security and compliance strategy. The backbone of this must be a comprehensive intrusion detection platform. This is the best way to address the larger issues surrounding complexity, compliance, and containerization, at scale in a modern, complex cloud environment.
For more information, feel free to download the full Threat Stack / ESG report: Threat Stack Cloud Security Report 2017: Security at Speed & Scale.