2021 State of Cloud Adoption Report Key Findings & Recommendations for Improving Cloud Security

Cloud adoption is accelerating across mid-to-large enterprises, with security teams playing a crucial role in enabling secure transformation.

The 2021 State of Cloud Adoption Report provides insights from 150 IT leaders and decision-makers across the U.S. and U.K., focusing on how enterprises are developing cloud applications and managing security risks. This blog summarizes key findings and actionable recommendations for improving cloud security practices in complex, evolving environments.

Who Participated in the Study?

The report surveyed experienced professionals from large enterprises actively building and securing cloud applications.

  • Majority were from organizations with 500+ developers

  • 75% of respondents were from the U.S., 25% from the U.K.

  • Roles included CTOs, CISOs, AppSec leaders, and software architects

  • Most participants were responsible for cloud application development and security strategy

Why Is Senior Management Buy-In Critical?

Cloud initiatives require strong executive sponsorship to drive alignment across business and technical units.

Respondents noted that without C-level support, cloud enablement efforts often stall. Security becomes a business enabler only when aligned with organizational value streams, such as speed to market, compliance, and risk mitigation.

Cloud Application Migration Trends

Over 60% of on-prem applications are expected to migrate to the cloud within two years.

Migration Type Percentage of Applications
Migrating to the Cloud ~60%
Cloud-Native (New) ~50%

Organizations are not just lifting and shifting; they are re-architecting apps to optimize for cloud scalability, security, and resilience.

Key Internal Challenges to Cloud Security

Security requirements, integration complexity, and skills gaps are the top internal barriers.

Challenge % of Respondents
Defining security requirements 46%
Integrating with on-prem systems 41%
Lack of skilled resources 36%
Political/organizational issues 24%

Security is increasingly being addressed earlier in the SDLC, indicating a positive shift toward DevSecOps practices.

Drivers of Cloud Adoption

Remote workforce enablement and speed to market are the top reasons organizations embrace the cloud.

Business Driver Rank #1 Preference
Enabling remote work 41%
Bringing tech to market faster 28%
Increasing agility 25%
Reducing infrastructure costs 6%

Security models must evolve alongside business priorities, supporting policy-driven access and compliance in hybrid environments.

What Security Value Are Teams Expected to Deliver?

Security teams are expected to do more than block risk — they’re enablers of faster, compliant cloud development.

Value Delivered by Security Teams % of Respondents
Securing cloud configurations 50%
Accelerating time to market 39%
Establishing architectural guardrails 34%
Supporting compliance & governance 32%

Security must be integrated into development pipelines via automated guardrails, reference architectures, and training.

Adoption of Proactive Security Measures

Proactive security practices are growing, but threat modeling remains underutilized.

Proactive Activity % Adoption
Risk assessments 72%
Secure coding guidelines 59%
Compliance by design 55%
Threat modeling 39%

Greater standardization and tool support are needed to scale practices like threat modeling and compliance integration across pipelines.

Automation Is Essential for Scaling Security

The more organizations move to the cloud, the more they demand automation of security and compliance processes.

  • 100% of respondents expressed interest in automation

  • Those migrating 90 %+ of apps to the cloud showed the strongest interest

  • Gaps exist between policy creation and DevOps implementation, highlighting the need for integrated, policy-aware security platforms

Final Thoughts

Cloud security isn’t just a technical requirement — it’s a strategic enabler of digital transformation.

As enterprises scale their cloud footprint, security leaders must evolve from gatekeepers to collaborators. This means embedding security early, aligning with business value streams, and automating enforcement. The opportunity now is to build security not as a blocker, but as a trusted accelerator for innovation and agility.