"84 Percent of Companies Have Only Basic Cloud Security Capability"
According to a new study, the vast majority of businesses are only at the beginning of their cloud security capabilities. For the cloud infrastructure security company Ermetic, Osterman Research surveyed 326 organizations in North America with 500 or more employees and a minimum annual spend of $1 million or more on cloud infrastructure. The goal is to create an industry baseline against the Ermetic Cloud Security Model, which has four levels "Ad Hoc," "Opportunistic," "Repeatable," and "Automated and Integrated." According to Michael Sampson, senior analyst at Osterman Research, one of the most unexpected findings was the lack of cloud security maturity among the largest enterprises surveyed. Less than 10 percent of companies with over 10,000 employees reported being at the top two maturity levels, whereas nearly 20 percent of smaller businesses have achieved repeatable, automated, and integrated cloud security capabilities. Among other findings, 42 percent of businesses that invest more than 50 hours per week in cloud security achieve the highest levels of maturity (levels three and four). It also demonstrates that larger is not always better, as only seven percent of companies with more than 10,000 employees are at level three or four in terms of maturity, compared to 18 percent of companies with 2,500 to 9,999 employees and 24 percent of companies with 500 to 2,499 employees. This article continues to discuss key findings from the survey on the state of cloud security maturity.
BetaNews reports "84 Percent of Companies Have Only Basic Cloud Security Capability"