Palo Alto Networks Inc. today published its 2023 State of Cloud-Native Security Report, an annual report that reveals insights on cloud adoption growth, migration challenges and top security threats.

The findings, based on a survey of 2,500 global C-level executives, information technology leaders, developers and security practitioners, found, among other things, that cloud adoption has changed how organizations develop, deliver and secure applications.

The report found that the move to hybrid work has accelerated change and resulted in increased complexity regarding application security. Additionally, DevOps teams were found to be pressed to deliver production code, putting increasing pressure on security organizations to keep pace.

Three-quarters of respondents said their organizations were deploying new or updated code to production weekly and almost 40% committed new code daily. Code-to-cloud security was found to be accelerating, providing a deeper level of engagement between application developers and security tools and teams, especially in the application design phase.

More than 80% of respondents say they have embedded security professionals in DevOps teams at an average ratio of 10 developers for every security professional. The report notes that security must enable development and it’s critical to an organization’s success to equip developers with the proper security tools that don’t hinder their ability to build and deploy applications quickly.

Three-quarters of organizations said they struggle to identify which security tools are necessary to achieve their objectives. The lack of understanding leads to organizations implementing numerous single-point solutions, but stitching together multiple disparate tools doesn’t provide the necessary in-depth visibility across an entire cloud portfolio to remain secure.

More than three-quarters of survey respondents reported that the number of cloud security tools they use creates blind spots that affect their ability to prioritize risk and prevent threats. The average organization uses 30 or more security tools, with an average of six to 10 dedicated to cloud security.

“Mindsets are shifting toward consolidated cloud security platforms, with 80% of respondents saying that they would benefit from a centralized security solution that sits across all of their cloud accounts and services,” explained Ankur Shah (pictured), senior vice president of Prisma Cloud at Palo Alto Networks. “Visibility is important, but by itself, it’s not enough. The path forward centers around a platform approach that provides organizations with in-depth visibility paired with threat detection and response.”

In the headline finding, 90% of organizations said they could not detect, contain and resolve cyberthreats within an hour. More than 30% of respondents indicated that lack of visibility into vulnerabilities created a challenge to ensuring comprehensive security.

Four of the top five challenges respondents mentioned when moving to the cloud — lack of talent, maintaining comprehensive security, lack of visibility and compliance requirements — are inextricably linked to the No. 1 concern: technical complexity.

Organizations were also found to have largely distributed responsibility for designing and implementing cloud security policies and procedures to individual teams, but a major disconnect was discovered, since almost half the respondents said that the majority of their workforce does not understand their security responsibility at their organization.

“As cloud adoption and expansion continues, organizations need to adopt a platform approach that secures applications from code to cloud across multicloud environments,” Shah added.

Shah spoke with theCUBE, SiliconANGLE Media’s livestreaming studio, in December, discussing how Palo Alto Networks is enhancing data protection by showing vulnerabilities in code protection:

Photo: SiliconANGLE