We use security controls native to the cloud service provider or our orchestration platform
We use third-party security controls (e.g., commercial solution)
We use open-source security controls (e.g. Clair, Trivy, Osquery, Falco, Kube-Bench, etc.)
We develop our own set of security controls
None of the above
Don’t know
Application security testing (Software composition analysis, code scanning)
Cloud security posture management (CSPM)
Cloud workload protection platforms (CWPP)
Container security
Serverless Security
API Security
Cloud infrastructure entitlement management (CIEM)
Micro-segmentation
Web application firewall (WAF)
Data loss prevention (DLP) for object stores
None of the above
Don’t know
Assessment and benchmark
research powered by ESG