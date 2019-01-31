|
New Research Shows Cloud Workload Security is the Top Budget Priority for 2019
Threat
Stack, the leader in cloud infrastructure security, today announced
the findings of The
the findings of The 2018 State of Security Budgeting report. This new survey
indicates that a majority of companies (54 percent) are worried that
they will soon outgrow their security solutions. While budgets are
expected to increase by 19 percent over the next two years,
organizations are struggling with a disconnect between Security and
DevOps and are facing difficulties in determining where to allocate this
budget in the face of rapidly evolving infrastructure.
With less than half of their infrastructure remaining on-premise (41
percent), businesses are increasingly making significant migrations to
infrastructure-as-a-service (IaaS) (25 percent), platform-as-a-service
(PaaS) (17 percent), and containers (10 percent). This is one of the
primary reasons why respondents indicated that their top two budget
investments in 2019 will be directed at cloud workload security and
intrusion detection systems (IDS).
Friction Between Security and DevOps Teams
Previous Threat
Stack research indicated that while DevSecOps is a stated goal at
most organizations, it is far from a reality. In fact, the two areas
appear to be at significant odds internally. A common complaint within
organizations is that development is working contrary to security team
goals: 91 percent of respondents believe that development teams
introduce risk to the organization. The top three reasons for this
increased risk center on required access to:
-
Sensitive corporate information (45 percent)
-
Personally identifiable information (40 percent)
-
Root-level permissions (34 percent)
A significant portion (29 percent) of respondents believe that their
organization prioritizes releasing code that "works" over code that is
secure.
Security teams are carrying their own organizational baggage as well.
Almost three-quarters of respondents (74 percent) agreed that the
security team is under pressure to keep pace with development and
operations, and 63 percent believe their security team slows down the
speed of their business.
Short-Tem IT and Security Approaches Impede Long-Term Scalability
The
end result of this misalignment is an IT and security strategy that
senior-level decision-makers feel is not scalable. Many enterprises are
already feeling the pinch as 54 percent of respondents believe their
organization is at risk of outgrowing their security solutions. And
businesses aren't being strategic with their IT strategy - 52 percent of
respondents indicated that their organization's current security
technology is not well enough coordinated to sustain future growth.
Security Budget Growth Having Limited Impact
Security
budgets are expected to grow by an average of 19 percent within the next
two years to an average of roughly $773,000. But more than 90 percent of
respondents also report that they face significant challenges related to
budget allocation, with:
-
53 percent saying it is difficult to choose a security solution that
is both scalable and within their budget.
-
39 percent reporting struggles evaluating security vendors and
defining how each security element impacts business risk.
-
31 percent reporting that different departments and areas of the
business control their own security budget, which makes it difficult
to execute on an overall business strategy.
As a result, despite organizations devoting additional resources to
security, 32 percent believe their cloud security processes need
significant improvements.
"Budget constraints are a constant challenge for security teams," said
Jonaki Egenolf, Chief Marketing Officer, Threat Stack. "Through the
Threat Stack Cloud SecOps Program, we work directly with customers to
alleviate some of that pressure by augmenting short-staffed security
teams and helping to maximize the value of cloud security investments.
There is no one-size fits all answer to cloud security, which is why we
provide specific, customized, and actionable recommendations designed to
decrease risk without slowing down the speed of their business."
The research was conducted by Vanson
Bourne. The findings encompass feedback from more than 300 security,
IT, and compliance decision makers at a variety of organizations, from
enterprise to startup, across several different industries including
healthcare, retail, financial services, and more.
