Cloud Security in the Enterprise: Three Signs Your Organisation Has Good Security Posture
When it comes to cloud security, how confident are you—and how confident should you be?
This month we launched our brand-new report on The State of Cloud Security in the Enterprise. It’s full of fascinating, and sometimes even surprising, insights into the current hot security topics, such as zero trust, the impact of GRC, and even hiring trends and must-have security certs.
The report aims to answer in full detail a question we get time and time again from our customers: “How does my organisation’s cloud security maturity compare to other enterprises within my industry?”
To give a clearer view of the cloud security landscape, we surveyed more than 350 people working in senior leadership roles in the enterprise, and asked them about everything from their security practices to their confidence levels. The report is a brilliant conversation starter and will give you much food for thought that, we hope, will help you take important steps towards straightening up your security posture where needed.
We built on some of our findings to put together a handy infographic, which explains what good looks like when it comes to security, and the signs that your security posture is in great shape.
How Confident Are You in Your Security Posture?
If you’re anything like the 73% of respondents who believe their security postures are better than most, then we really hope it’s an indication that everything is tip-top in your organisation! However, when confidence isn’t rooted in hard facts, it might actually mean you’re more at risk and vulnerable to outsider (and insider) threats.
In the same way that people who think they’re bad drivers might actually be more cautious on the roads while confident drivers might be more likely to speed, it’s important to make sure that high confidence in your security posture isn’t a sign of a gung-ho attitude and unnecessary risk-taking.
To make sure your confidence is well-founded, you need reference points for what good looks like. Here are our top three signs that you’re a high performer when it comes to cloud security; if you don’t have all three, read our new report on The State of Cloud Security in the Enterprise for insights into what you could be doing better.
1. Smooth Route to Live
If you have a smooth route to go-live, chances are security isn’t a blocker, but rather an accelerator for delivery.
This might mean you have:
- A well-defined release process that specifies when particular security aspects have to be completed, with examples of how to do them
- Guardrails built in, meaning that as long as teams operate inside the constraints of those guardrails, they can launch fast with confidence that they meet most requirements for go-live
2. Measure Everything
If you don’t measure, you can’t know if you’re improving. While it’s true that any metrics in the organisation will be gamed, it’s still important to measure things like:
- How quickly a team can meet their cloud control requirements
- How long the security operations centre (SOC) spends investigating a potential breach of a Kubernetes cluster, for example
- Mean time to detect, respond and correct (MTTD/MTTR/MTTC)
- How long it takes to get through all the security gates
- Which steps in CI/CD take the longest
3. Happy Teams
One of the most important things for security teams in an organisation is to ensure that teams are happy with the security situation in the business. Security is often considered to be—or at least joked about being—a main blocker, which results in teams:
- Looking for workarounds, because the “official” way takes ages to do anything, which can lead to a ton of shadow IT
- Not engaging with the security team, which means you don’t get feedback and can’t improve
It’s crucial that security teams try to engage with multiple teams and understand their pain points, delivery pressures and the business requirements. Empathy goes a long way!
For more insights and figures from our 2022 survey, check out our report on The State of Cloud Security in the Enterprise.