Organizations are at different stages of their journey with respect to the maturity of their approach to cloud security, both in terms of their strategic approach to the cloud as well as tactical measures. The report establishes three fundamentally different stages of cloud security maturity, "discoverers" who primarily deploy cloud access security brokers (CASBs) to discover and assess shadow IT or user-led cloud services; "controllers" who apply cybersecurity policies, processes, and CASB technology to realize the fundamental cybersecurity outcomes of preventing data loss and the introduction of threats; and the most mature category known as "enablers," who are well aware of the use of user-led applications, but take a fundamentally different approach by securely enabling the business value they deliver to the organization.
"The data in this report shows that many organizations, including 'enablers,' still have work to do to fully realize the advantages of the cloud," said Sanjay Beri, founder and CEO, Netskope. "To help the industry move closer to the final stage of maturity, we have developed a self-assessment tool for enterprises to gauge their process on the cloud security journey, and we look forward to working with enterprises around the world to accelerate their adoption of cloud services."
According to the report, 48% of respondents were categorized as discoverers, 31% as controllers, and 21% as enablers. Other key findings include:
"User- and business-unit-led cloud services have challenged the traditional role of enterprise IT and security teams, demanding that these teams now decide how, not if, they will secure their organization's use of the cloud," said Doug Cahill, senior analyst and group director, Enterprise Strategy Group. "This research highlights that organizations with the most mature approach to cloud services not only enjoy the most tangible business benefits, but also do so while mitigating their overall cloud security risk posture."