Osterman Research Survey Finds 84% of Companies Have Only Rudimentary Capabilities for Securing Their Cloud Infrastructure
Ermetic, the cloud infrastructure security company, today released the findings of a research study conducted by Osterman Research on the cloud security maturity level of organizations in North America. The survey found that 84% of respondents were at an entry level (one or two) in terms of their cloud security capabilities and only 16% ranked at the top two levels. Meanwhile, 80% of companies reported they lack a dedicated security team responsible for protecting cloud resources from threats. The survey also revealed the top five priorities that all highly mature companies have in common when it comes to cloud security.
Osterman Research surveyed 326 organizations in North America with 500 or more employees and who spend a minimum of $1 million or more each year on cloud infrastructure to establish an industry baseline against the Ermetic Cloud Security Model. The model was designed to provide organizations with a lightweight framework for determining their maturity level (1 - Ad Hoc, 2- Opportunistic, 3- Repeatable, 4- Automated & Integrated) across multiple domains, while allowing them to develop a specific, actionable roadmap for advancing their capabilities.
"One of the most unexpected findings that emerged from this study was the lack of cloud security maturity among the largest enterprises surveyed," said Michael Sampson, senior analyst for Osterman Research and author of the report. "Less than 10% of companies with more than 10,000 employees reported being at the top two maturity levels, while nearly 20% of smaller enterprises have achieved repeatable or automated & integrated cloud security capabilities."
Other Report Highlights
Five Habits of Highly Mature Companies
Organizations that want to benchmark themselves against the Ermetic Cloud Security Maturity Model and their peers can access a free online self-assessment here:
Finally, Ermetic will host a Webinar to discuss the report's findings and the Ermetic Cloud Security Maturity Model on Wednesday, August 17, 2022, at 10:00 AM PT / 1:00 PM ET. The report's author, Michael Sampson of Osterman Research, and the creator of the maturity model, Lior Zatlavi, Sr. Cloud Security Architect at Ermetic, will present. To register visit: