Which of the following controls are currently employed to secure your organization’s cloud native applications? (please check all that apply)

We use security controls native to the cloud service provider or our orchestration platform

We use third-party security controls (e.g., commercial solution)

We use open-source security controls (e.g. Clair, Trivy, Osquery, Falco, Kube-Bench, etc.)

We develop our own set of security controls

None of the above

Don’t know

Which of the following security use cases and areas of focus has your organization implemented to protect your cloud native applications? (please check all that apply)

Vulnerability management

Host hardening

Kubernetes hardening

Runtime monitoring

Micro-segmentation

Secrets management

Compliance mandates (e.g. PCI-DSS, HIPAA, etc.)

Malware prevention and analysis

Runtime threat protection

Auditing and forensics

Don’t know

Which of the following cloud security solutions is currently being used by your organization? (please check all that apply)

Application security testing (Software composition analysis, code scanning)

Cloud security posture management (CSPM)

Cloud workload protection platforms (CWPP)

Container security

Serverless Security

API Security

Cloud infrastructure entitlement management (CIEM)

Micro-segmentation

Web application firewall (WAF)

Data loss prevention (DLP) for object stores

None of the above

Don’t know

At what stage is your organization regarding consolidation of cloud security controls and using an integrated platform to protect your cloud native applications and infrastructure.

We have already consolidated to an integrated platform

We plan to consolidate to an integrated platform in the next 12 months

We are evaluating consolidating to an integrated platform

We do not plan to consolidate to an integrated platform

Don’t know

Assessment and benchmark
research powered by ESG