Press Release

Report Confirms Rapid Cloud-Native Adoption

April 27, 2021

Coalfire/ESG Research Highlights DevSecOps Progress and Opportunities


WESTMINSTER, CO, April 27, 2021 – In collaboration with Enterprise Strategy Group (ESG), cybersecurity provider Coalfire has released a research report confirming that cloud-native is resulting in more complex IT architectures and introducing new risks.

The report, “Cloud-Native Security Trends and Insights – Finding the Smartest Path to Your Secure Cloud,” surveyed nearly 400 senior IT and security managers about their organization’s expansion plans into cloud-native environments with continuous integration and deployment (CI/CD) controls. The research produced insights from across all major industry categories in the U.S. and Canada on how mid-market and large enterprises are integrating development security operations while moving workloads and infrastructure to immutable public cloud, SaaS, PaaS, and IaaS environments.

“The research we’ve completed with ESG confirms that cloud-native is quickly becoming the ‘new normal,’ and that businesses will achieve majority adoption in just two to four years,” said Coalfire CEO Tom McAndrew. “From the developer’s laptop to production containers scaling dynamically in the cloud, security now spans every phase of application and product lifecycles. Though there is growing complexity in managing legacy systems in multi-cloud, heterogeneous environments, DevSecOps is the final ‘shift left’ of security integration across all IT architectures.”

Key report insights include:

  • Cloud-native is quickly replacing traditional IT, with a 50%increase in cloud-resident workloads expected over the next two years.
  • The shift is resulting in more complex IT architectures comprised of containers, and serverless functions alongside now legacy, VM-based applications and bare metal servers.
  • 41% of respondents identified automation of the introduction of controls and processes within SDLC and CI/CD as a top priority.
  • New approaches to security are required, but only 32% of organizations have fully incorporated security into the development operations process, the vast majority of respondents plan DevSecOps expansion in the next 12 to 24 months and consider it their highest priority.
  • There is a shift to a defense-in-depth approach with 57% of organizations now leveraging a combination of CSP and 3rd party tools -- up from 38% in 2019.
  • The need for breadth of coverage and depth of functionality is leading to the consolidation of point security tools, with 73%of organizations preferring to embrace a consolidated, centrally managed set of controls over the next 24 months.

“Cloud-native is happening fast, and organizations will need to move quickly and creatively to keep up with best governance and risk management practices,” said ESG’s Doug Cahill, VP Analyst Services. “Making ‘security first’ application and product development decisions is mission-critical to ensure protection across all attack surfaces in hyperscale, hybrid environments. ESG’s research shows that IT and security leaders are managing decisively to secure their business futures in a rapidly maturing cloud that’s right on the horizon.”

Access the full report:

About Coalfire 
Coalfire is the trusted cybersecurity advisor that helps private and public sector organizations avert threats, close gaps and effectively manage risk. By providing independent and tailored advice, assessments, technical testing and cyber engineering services, we help clients develop scalable programs that improve their security posture, achieve their business objectives and fuel their continued success. Coalfire has been a cybersecurity thought leader since 2001 and has offices throughout the United States and Europe.

About ESG

The Enterprise Strategy Group (ESG), recently acquired by Tech Target (Nasdaq: TTGT), is a leading provider of decision-support content based on user research and market analysis for global enterprise companies. For more information, visit


For media inquiries:
Mike Gallo
(212) 239-8594