Hurwitz & Associates: Leaders Find Winning Cloud Security Strategy in Automation

New Survey Shows That Balancing Velocity and Security in the Cloud Starts with Adopting New Approaches to Security

January 31, 2018

Mountain View, Calif. – January 31, 2018 – Lacework®, the industry’s first solution to bring automation, speed and scale to cloud security, today announced findings from “Balancing Velocity and Security in the Cloud,” the latest report from Hurwitz & Associates. Based on quantitative research, as well as qualitative interviews with industry practitioners, Hurwitz & Associates sees clear evidence that businesses are increasingly evolving their security strategy to advance their cloud strategy. The findings demonstrate that balancing velocity and security in the cloud starts with adopting new approaches to security.

“Customers are increasingly depending on cloud computing to support the need for business agility and speed of transformation. However, to be successful business leaders need assurance that cloud security is handled in a predictable manner through automation to ensure compliance and predictability,” according to Dan Kirsch, the study author and vice president, principle analyst at Hurwitz & Associates.

In the cloud, continuous integration practices shorten cycle times and improve efficiency. When confronted by the cloud’s increasingly complex and dynamic network environment, it is difficult for security to keep pace. According to the report, approximately 35% of the organizations surveyed are taking a cloud-first approach meaning that all new projects are done on the cloud. In addition, nearly 50% of participants are taking a selective approach to the cloud, where significant and large projects are being developed or migrated to the cloud while others will continue to remain on premises. The survey also found that automation is critical. Almost all respondents (95%) agreed that “cloud automation is increasingly important to meeting our business goals.” However, 40% of respondents felt that their security solutions aren’t as flexible and scalable as the rest of “our” cloud.

“The high velocity and scale of public clouds are shattering everything the security industry has assumed for the past 10 years,” said Sanjay Karla, co-founder and Chief Product Office at Lacework. “The acceleration of cloud adoption is now paving the way for security teams to deploy automated security solutions that naturally augment security teams’ ability to continuously validate their cloud configuration for security and maintain secure daily operations in the cloud.”

Survey respondents agreed that security is a top priority for their cloud solution. Additional findings by Hurwitz & Associates include:

  • Asked to rank-order seven possible cloud solution characteristics, “safe and secure” topped over half of the lists (53%). The next most mentioned priority – “deliver new services and updates faster” – topped only 13% of the lists.
  • 85% of respondents recognized that “cloud security is different than traditional data center security.”
  • Only 35% of respondents felt that “security limits our ability to maximize the benefits of DevOps and operations automation,” and 78% agreed that “we fix security vulnerabilities fast enough to avoid significant business risk.”
  • Nearly 75% agreed that “controlling vulnerabilities related to unpatched or downrev software is a challenge.”
  • Only 35% felt “SIEM tools give us all the security visibility we need.”

Hurwitz & Associates surveyed 85 IT leaders from the Americas and Europe. Participating companies ranged from mid-size organizations to large enterprises. Most participants (56%) worked at organizations with more than 10,000 employees and a variety of industries are represented with most participants coming from: financial services, telecommunications & technology, manufacturing and retail.

Lacework delivers security and compliance capabilities specifically designed for the cloud, bringing speed, scale and automation to security processes that have traditionally been labor-intensive. The company recently announced new features that enable Amazon Web Services (AWS) customers to easily and continuously maintain an AWS cloud configuration that is compliant with proven security best practices. Lacework also introduced security controls targeted at AWS S3 buckets, enabling AWS customers to rapidly identify S3 buckets at risk or compromised due to misconfiguration. Through a targeted auditing of S3 configuration, Lacework ensures that all buckets are configured with best practices for logging, encryption and versioning, then provides continuous monitoring with AWS CloudTrail events and workload activity analysis. To learn more about Lacework, please visit and follow the company on Twitter and LinkedIn.


About Hurwitz & Associates
Hurwitz & Associates is a strategy consulting, research and analyst firm that focuses on how technology solutions solve real world customer problems. Hurwitz research concentrates on disruptive technologies, such as analytics, machine learning, cognitive computing, security, and cloud computing , and service management. Their experienced team merges deep technical and business expertise to deliver the actionable, strategic advice clients demand. Additional information on Hurwitz & Associates can be found at

About Lacework
Lacework brings automation, speed and scale to cloud security, eliminating manual, repetitive tasks and enabling security teams to keep up with DevOps. Specifically designed for the cloud, the Lacework security platform monitors workloads, applications, processes, containers, machines, users and accounts to automatically surface anomalous behaviors out of billions of events per hour. Lacework provides unprecedented visibility, automates breach detection, delivers one-click investigation and simplifies cloud compliance. Based in Mountain View, California, Lacework is a privately held company that was incubated by Sutter Hill Ventures. Find out more at

Media Contact
John Kreuzer
Lumina Communications on behalf of Lacework
(408) 896-3307