Press release

You Might Be Cloud-First, But Security Is Still an Afterthought

Sponsored by Businesswire

A new report from ESG, released today at the second annual Cloud Native Security Summit, finds that security professionals regard their existing tools inadequate for securing critical cloud data, even as their organizations invest heavily, with increasing speed, in cloud applications. Commissioned by Capsule8, Obsidian, and Signal Sciences, the report, Retooling CyberSecurity Programs for the Cloud-First Era, warns of a security gap that is both wide and dangerous.

This press release features multimedia. View the full release here:

(Graphic: Business Wire)

(Graphic: Business Wire)

The report, based on surveys with responses ranging from approximately 392-600 senior IT decision makers and cyber security professionals, reveals that cloud-first strategies are becoming more common, with 39 percent of respondents from cloud-first organizations saying that they only consider on-premises if someone makes a compelling business case to do so. Moreover, in the next two years, 58 percent of respondents say they’ll have more than 40 percent of their data stored in the public cloud–and 45 percent of this data will be sensitive. Nonetheless, even with this shift to the cloud, 81 percent of respondents said their on-premises data security practices are more mature than those that are intended to secure cloud-resident data. At the same time, an alarming 50 percent of those surveyed say their organization has lost cloud-resident data.

Other key findings underscore how cloud security is lagging despite mass adoption of the cloud:

  • 90 percent of respondents worry about not having visibility into misconfigured cloud services, server workloads, network security, or privileged accounts
  • 83 percent also report concern about the misuse of privileged accounts by insiders
  • 35 percent say that the use of multiple cybersecurity controls has increased complexity and 66 percent say IT is more complex than it was two years ago
  • 43 percent cited maintaining consistency across the disparate infrastructures of hybrid, multi-cloud environments where cloud-native apps are deployed as the biggest challenge in securing cloud-native apps
  • 43 percent of respondents say that DevSecOps automation is the highest cloud security priority to address many of these concerns

The responses outlined in the report show that rapid development and the prolific release of cloud-native apps and practices happen at the peril of critical data that these resources are supposed to safeguard. That may be because many security operations take a legacy approach to securing data that harkens back to the pre-cloud and, in some cases, even the pre-web days. These systems just don’t work well in the cloud. This report is a call for a modern approach to security that is designed from the ground up to protect cloud-native environments.

To read the report, “Retooling CyberSecurity Programs for the Cloud-first Era,” which includes prescriptive advice for addressing these concerns, download at:

About Capsule8

Founded in fall 2016 and headquartered in Brooklyn, NY, Capsule8 is the only company providing high-performance attack protection for Linux production environments – whether containerized, virtualized, or bare metal. Capsule8 frees up SecOps teams, while being safe for even the busiest workloads, on the busiest networks. Founded by experienced hackers and seasoned security entrepreneurs, and funded by Bessemer Venture Partners, ClearSky and Intel Capital, Capsule8 is making it possible for Linux-powered enterprises to modernize without compromise. Learn more at

About Obsidian

Obsidian is a leading provider of cloud identity protection for the enterprise. The Obsidian cloud security solution offers a comprehensive approach to protect SaaS, PaaS and IaaS environments from account takeover, insider threat and identity sprawl. Obsidian continuously monitors activity, access and entitlements to provide a holistic view of threats and risks at the user, organization, and application levels. Customers see prioritized alerts that surface the most pressing security and posture concerns in the cloud. The company was founded by industry veterans from Cylance, Carbon Black and the NSA. Learn more at

About Signal Sciences

Signal Sciences is the fastest growing web application security company in the world. With its award-winning next-gen WAF and RASP solution, Signal Sciences protects over 25,000 applications and over a trillion production requests per month. Signal Sciences’ patented architecture provides organizations working in a modern development environment with comprehensive and scalable threat protection and security visibility. The company works with some of the world’s most recognizable companies, like Under Armour and WeWork, across industries, including five of the top ecommerce companies, and five of the largest software companies, in addition to many others in the financial services, retail, healthcare, media and entertainment, and government sectors. Signal Sciences is the recipient of InfoWorld’s Technology of the Year and Computing’s DevOps Excellence Award for Best DevOps Security Tool. For more information, visit Signal Sciences or follow @SignalSciences.

All product and company names herein may be trademarks of their respective owners.