Key Insights from the HashiCorp 2022 State of Cloud Strategy Survey: Multi‑Cloud Adoption, Security Priorities, and Operational Challenges

Majority of respondents have adopted multi‑cloud strategy

In the 2022 survey, 60% of respondents already use a multi‑cloud approach and another 21% plan to adopt it within the next 12 months.

Multi‑cloud strategy is successful

90% of respondents say multi‑cloud helps achieve business goals, up from 53% in the 2021 survey.

Motivations for adopting multi‑cloud

The top four drivers are reliability, digital transformation, scalability, and security governance. The 2021 "avoid vendor lock‑in" maps to 2022’s reliability, while cost reduction fell out of the top four and security governance rose.

Security and control are critical in cloud strategy

Key tools and plans include data protection/encryption, access control and session management, secret management, policy‑as‑code for compliance and governance, secure machine‑to‑machine connections, and golden‑image creation and management. Six of the top 13 factors relate to security.

Factors that hinder multi‑cloud operations

The primary obstacles are lack of skills, siloed teams with poor communication, compliance and risk management, insufficient training, and inconsistent workflows across different cloud environments.

What drives cloud spend waste?

Idle or under‑utilized resources

Over‑provisioned resources

Lack of required skills

Manual containerization (unclear)

24% of organizations exceeded their annual cloud budget, fueling the growth of FinOps practices.

Largest challenge identified

The biggest challenge is the complexity of multi‑cloud environments (multiple APIs, applications, and processes). IaC and other tools can mitigate it, but security concerns remain prominent.

Top threats to cloud security

Data theft

Ransomware

Phishing/social engineering attacks

Credential/secret leakage

Attacks on third‑party software or cloud providers

Threat actors (professional attackers)

Denial‑of‑service attacks

Cyber attacks on physical devices

Insider threats

IoT attacks

Cryptojacking

State‑sponsored attacks

Physical‑device cyber attacks are rising as critical infrastructure becomes network‑connected.

Automation is the cornerstone of cloud management

89% of respondents consider automation essential or important for managing multi‑cloud infrastructure. GUI‑only solutions are insufficient; automation should follow the chain API → SDK → Provider → IaC/IaS.

Stop building custom automation tools

Purchasing or using commercial/open‑source automation tools and SaaS services (e.g., Terraform, Kubernetes, Nomad) is now mainstream; building a competing tool from scratch offers no value.

Reflections for the year

Security importance cannot be overstated

Security is increasingly the decisive factor; breaches amplify the impact of any failure.

Many Chinese enterprises isolate private clouds from the public internet, but this does not guarantee security; automation, proper security tools, and protective measures remain essential.

Cost control opportunities

Budget overruns are a major concern; legacy mindsets lead to sub‑optimal cloud usage and higher costs. FinOps teams are emerging, but no single tool can instantly reduce spend.

People are the key to cloud success

Lack of skilled personnel is repeatedly cited as the top barrier; cultivating a large pool of qualified talent is critical, especially in China where public‑cloud penetration lags.