According to research by ESG in partnership with Devo, most organizations are well past the tipping point for cloud computing proliferation. For example:

• More than one-third (34%) of organizations claim that at least half of their applications and workloads reside in public cloud infrastructure today. This will increase precipitously in the near future.
• 53% of organizations believe that at least half of their applications and workloads will reside in the public cloud two years from now.
• 41% of organizations have adopted a cloud-first policy, deploying new applications using public cloud services by default.
• Alternatively, only 14% of organizations maintain a policy where new applications are deployed using on-premises technology.

The unusual events of 2020 play a large part in this shift.

• 90% of organizations claim that they have increased their use of public cloud computing as a result of the global pandemic.
• Furthermore, 81% of organizations accelerated plans and timelines for public cloud computing in response to new requirements driven by the global pandemic.

ESG on the importance of cloud security

ESG Analyst Jon Oltsik gives a high-level overview of the research findings and how respondents were grouped into four segments based on their level of cloud adoption.

Security complexity, growing security data volumes, and visibility gaps should cause alarm bells to ring in the CISO’s office for one simple reason—nearly half (47%) of organizations have experienced at least one cyberattack specifically related to their public cloud environment over the past year. Below are 4 tips that CISOs and security leaders can use to address these inevitable challenges:

1. As cloud use grows, your organization also needs to evolve its processes and governance models. Doing this can include implementing a shared responsibility model for controls and processes with cloud providers, implementing cloud security automation, and increasing headcount and training staff on cloud security best practices. 
2. Transitioning your security analytics to the cloud is another necessary step to keeping cloud environments safe. Your security team should assess whether current SIEM systems can meet cloud-driven requirements. Cloud security analytics solutions must be quick and highly scalable. If your SIEM can’t meet cloud needs, your team should plan to supplement or entirely replace it. 
3. It’s also critical for your security team to understand the difference between cloud-based and cloud-native security analytics solutions. A cloud-native solution is built for the cloud and leverages the cloud’s full capabilities for performance and efficiency — a cloud-based security solution is merely hosted on the cloud.  
4. While speed and scale are necessary, cloud security is only successful if it provides total visibility and clear insights. When evaluating cloud security tools, your security team should make sure they’re able to play well with the rest of your security ecosystem so you can centralize your analytics with a single solution.