2022 Cloud Native Security State Report: Key Findings on Cloud Expansion, Security Posture, and Drivers

The report, produced by Prisma Cloud | Palo Alto, examines the latest priorities and topics within the cloud‑native security community, focusing on automation, DevSecOps, security posture, and open‑source tool usage, with the goal of providing actionable insights for 2022 and beyond.

Cloud Expansion and Strategy • During the pandemic, overall enterprise cloud usage rose more than 25%, yet organizations struggled with overall security, compliance, and technical complexity. • 39% of firms spent less than $10 million on cloud (up 16% from 2020), while only 26% spent over $50 million (down 17%). • Adoption of Platform‑as‑a‑Service (PaaS) and serverless grew 20%, whereas container and CaaS adoption grew more modestly.

Security Posture and Friction • Companies with a strong security posture are more than twice as likely to experience low security friction (i.e., minimal impact on operations). • 80% of firms with strong posture and 85% with low friction reported improved employee efficiency. • 55% of enterprises consider their security posture weak and need better multi‑cloud visibility, consistent governance, and streamlined incident response. • 80% of organizations relying primarily on open‑source security tools have weak postures, compared with 26% of those using native cloud‑provider tools and 52% of those using third‑party solutions.

Security Drivers • Nearly three‑quarters of enterprises now use ten or fewer security tools, with a 27% increase in firms using only 1‑5 vendors since 2020, indicating consolidation and richer functionality. • High levels of security automation double the likelihood of low friction and strong posture. • Adoption of DevSecOps is a primary indicator of top‑tier security; firms tightly integrating DevSecOps principles are over seven times more likely to have a strong posture and nine times more likely to experience low friction.

Conclusion Despite rapid changes in business strategy and resources, most enterprises successfully expanded their cloud footprint during the turbulent period. Prioritizing cloud infrastructure as a strategic focus and implementing proven security best practices—especially integrated DevSecOps and automation—are key drivers for successful cloud transformation.