Insights from the Styra 2022 Cloud-Native Alignment Report

3 min read

IT leaders have historically managed all infrastructure decisions across storage, network, compute and other aspects of the cloud. But this isn’t necessarily the case today. As organizations move away from on-premise cloud infrastructure and adopt cloud-native technologies, modern developers are playing a larger role in decision-making — especially when it comes to policy decisions like the control of cloud-based tools and the code that runs on them.

Without a united approach that clearly defines individuals’ roles and responsibilities, IT leaders and developers risk stepping on each others’ toes — or worse, missing a task completely — during the cloud expansion process.

For a better understanding of where organizations’ priorities lie, we surveyed 350 IT decision-makers and 350 developers in organizations that use cloud-native environments. The results help identify both areas of alignment and gaps between IT decision-makers and developers. In the report, we also take a closer look at organizations’ plans for digital transformation in the next 12 months.

Three key findings from our report

Our survey results confirmed a need for a unified approach to cloud expansion. Although the 2022 Cloud-Native Alignment report covers various findings on the cloud-native expansion process, here are the top three takeaways.

1. Open source is driving digital transformation, but groups expect different challenges. Cloud-native and open-source technologies are becoming ubiquitous across industries. We found that 97% of IT decision-makers and 96% of developers indicated their organizations will expand the use of cloud-native and open-source tools over the next year. Despite alignment on the continued adoption of these technologies, each group anticipates different challenges.

IT decision-makers (63%) are primarily concerned with training employees to use new tools. Meanwhile, the majority of developers (70%) expect their biggest challenge to be onboarding each piece of new technology and phasing out old technology. This misalignment could be due to the attitudes of each group when implementing new tools: Decision-makers are apprehensive since they are responsible for a successful rollout, but developers typically want to release offerings as quickly as possible.

Open communication between the two groups is vital to introducing new technologies. On the one hand, developers should consider how they can help with the employee adoption of new technologies. On the other, IT decision-makers must consider the necessary steps developers take for effective technology implementation.

2. Security remains a top priority. CISOs and CIOs have their plates full given the recent increase in cyberattacks. Unsurprisingly, 77% of IT decision-makers said their organizations will prioritize boosting data privacy security measures over the next year. Cloud application initiatives are the top priority for developers, but half of these respondents still agree that their organizations should prioritize improving data privacy security measures.

Developers haven’t always been this involved in security initiatives. But with complex internal application authorization and policies, and an increasing number of compliance regulations, security is now top of mind for developers creating cloud applications. This alignment on the need for tighter security presents an opportunity for increased collaboration to achieve the shared goal.

IT decision-makers and developers need to find an approach that’s tailored to a cloud-native environment. To make the most of the speed and flexibility of the cloud, IT decision-makers and developers must automate processes to avoid wasted time and resources.

3. Ownership of security is unclear. The overwhelming majority of IT decision-makers and developers (97% of both groups) agreed that cloud security is strong at their organizations. Additionally, 99% of decision-makers and 97% of developers are confident their organizations’ existing security tools and technologies will extend to protect their cloud environments.

The problem? Both groups of respondents are misaligned on which teams within their organizations handle policy, compliance and cloud security responsibilities.

For example, 45% of IT decision-makers indicated that the IT infrastructure/operations team at their organization is responsible for defining policies that control how cloud applications are secured and managed. When asked the same question, only 23% of developers thought their IT infrastructure/operations team managed and defined these policies.

This misalignment can result in wasted time and resources from repeated work or missed tasks, creating vulnerable cloud environments. To avoid this, developers and IT decision-makers need to clear up ambiguity as they proceed with more complex cloud-native implementations. One way they can do this is to implement policy-as-code solutions, like Open Policy Agent. This solution enables improved security and governance for IT and security teams when managed by a unified authorization control plane like Styra Declarative Authorization Service (DAS).

Download the complete report for more insights

As organizations further their investments in cloud-native and open-source technologies, it’s important that IT decision-makers and developers come together in their approach. To ensure alignment on each initiative, organizations should take advantage of both commercial and open source solutions.

Download our 2022 Cloud-Native Alignment Report: Key Success Factors in the Transition to Cloud-Native for a deeper understanding of organizations’ positions as digital transformation continues. The report takes a closer look at various tools and applications that help increase collaboration and how organizations can enhance their cloud-native security.

Cloud native

Entitlement Explosion Repair

Join Styra and PACLabs on April 11 for a webinar exploring how organizations are using Policy as Code for smarter Access Control.

Speak with an Engineer

Request time with our team to talk about how you can modernize your access management.