Cloud-native security remains a significant roadblock to cloud migration with very few organizations prepared to secure their cloud applications, data and infrastructure.

That’s according to Palo Alto Networks‘ first annual State of Cloud Native Security Report. The report spans 3,000 cloud architecture, InfoSec, and DevOps professionals across the United States, the United Kingdom, Germany, Australia and Singapore.

The findings cover the state of cloud adoption, common cloud-native security challenges, and best practices for securing cloud-native workloads.

John Morello is Palo Alto‘s vice president of product management for Prisma Cloud Compute. He said organizations are having a tough time navigating a complex technology landscape. They find it difficult to choose future application architectures or supporting technologies, he said.

Additionally, enterprise leaders often have compliance or regulatory concerns, he said.

Cloud Security Issues

Key findings include:

Palo Alto Networks’ John Morello

“One of the top surprises was that 73% of companies shared that they struggle to clearly delineate between their cloud service provider’s security responsibilities and their own,” Morello said. “Given how widely used the cloud is already, it’s surprising that companies are struggling to understand their responsibilities. However, with the complexity of modern architectures and the ever-evolving cloud landscape, you can understand why this is a challenge.”

Cloud will become the dominant computing model over the next 24 months, according to the report.

“Organizations should understand that they are ultimately the ones responsible for their applications, data and infrastructure,” Morello said. “Leaders should ensure that their security tooling is purpose-built and optimized to cover all areas of the tech stack that are their responsibility, including technologies they may plan to use in future.”

Top Challenges

The top three challenges for moving workloads to the cloud include technical complexity, maintaining comprehensive security and ensuring compliance.

More security tools doesn’t necessarily mean better security, according to Palo Alto. Companies investing more than $100 million in cloud are trimming the number of tools they use. And 53% of this spending group use just five or fewer cloud security tools.

Cloud security spending is highest for companies with an annual cloud budget of $100 million or more. Thirty-four percent of these high spenders allocate 16% or more of their cloud budget to security.

“We hope security leaders will be able to better understand their security preparedness – a trend line we measured in the report – and how they can improve their current level of preparedness,” Morello said. “We hope MSSPs and cybersecurity providers can provide education and leadership to guide organizations to improve their cloud-native security posture.”