The new era of cloud security—The India point of view

As the world of work is transformed by the pandemic, leaders are assessing operations and new ways of running their businesses. COVID-19 has accelerated long-standing trends while also making investments in digital transformation more urgent.

The rapid and unexpected shift to remote work models highlights the benefits of decentralized cloud infrastructure and cloud security operations. For example, at the outset of the crisis, many organizations ramped up their use of multi-factor authentication, zero-trust security frameworks, and security policies designed for flexible work environments.

But the transition to cloud operating models has also highlighted fundamental dependencies and limitations—and the resultant risks—at the core of digital supply chains and digital operations. Operational constraints, ad hoc remote-work arrangements, and an unexpected mix of devices and access points have exposed organizations to new risks.

81% of global executives and 74% of India-based executives consider security a brand attribute that differentiates their organization.

For the purposes of this study, we have defined five stages of cloud security transformation:

• Evaluating. Early-stage cloud security operations encompassing pilot projects and/or limited production deployments. Identifying candidate use cases, formulating business strategy, and/or building a value case for cloud security.
• Investing. Deployment(s) of cloud security underway with value being realized. Strategy and business cases are in place.
• Integrating. Infrastructure and processes support the secure flow of data between various cloud and on-premises environments that support business functions. New cloud-based offerings/services are securely enabled.
• Optimizing. Taking full advantage of data flowing securely between multiple cloud and on-premises environments. Cloud security functionality and benefits are realized.
• Innovating. Capability exists to securely enable and extend new cloud-native business and operational opportunities to internal and external partners. Operational feedback drives perpetual improvements.

While cloud adoption is undoubtedly driven by business objectives, security concerns and considerations play a fundamental role in cloud transformation efforts. For most organizations, cloud security is still a work-in-progress. A 2020 IBV study found that only 42% of respondents around the world report they have multicloud security and compliance deployed across their entire IT infrastructure.

Security dividends: Security postures improve as organizations enhance their cloud security capabilities.

For the present study, executives surveyed indicated their cloud risk exposure increases as cloud footprints expand, but also that security postures can improve as organizations enhance their cloud security maturity. These findings suggest that investments in cloud security are paying off, but also that modernizing operational and governance practices is essential to maintaining an effective security posture.

Complexity is challenging security organizations

49% of global executives and 44% of India-based executives surveyed cited complexity of infrastructure or operations as their most critical challenge. This is by far the leading impediment to the security organization’s effectiveness, cited nearly 1.5 times as often as the next leading factor.

Of note, many of the other factors cited—such as lack of talent (cited by 22% of global and Indian executives), governance concerns (cited by 22% of global and 29% of India-based executives), lack of skills (cited by 20% of global and 25% of India-based executives), and lack of operational alignment (cited by 20% of global and 30% of India-based executives)—may also reflect underlying issues related to complexity.

Globally, organizations with the most mature cloud security practices outperform peers by more than 2x in terms of both revenue growth and profitability.

Security governance—whether in the form of security standards, administrative policies or control frameworks— is first and foremost a design consideration. What differentiates high performance security operations teams are the innovative ways they mitigate complexity to improve efficiency, consistency, and quality.

Read the full report to learn how organizations that are furthest along in their cloud security journeys have shifted their approach to security—allowing them to outperform their peers.