Even as cloud adoption continues to accelerate, that doesn’t mean it’s all smooth sailing. When asked about their organization’s primary cloud inhibitor, security concerns were the second most popular choice (47%), trailing only cost issues (51%). A closer look reveals some interesting differences in cloud program inhibitors by region, role, company size, and industry:

• Security was the top concern for financial services organizations and healthcare/ biotech companies. Some 59% of finserv firms named security a top-three concern, as did 52% of healthcare/biotech respondents. Notably, security was named as a top-three cloud inhibitor by just 39% of entertainment/media firms and 41% of software and services companies.
• Geographically, security concerns were most pervasive in the Asia-Pacific region, cited by 52% of respondents, while respondents in Europe/Middle East/Africa had the lowest percentage (39%).
• Security concerns also varied significantly by organization size. Not surprisingly, perhaps, small businesses (<100 employees) were least concerned, with just 38% of these respondents calling security a top-3three cloud inhibitor, compared to 55% of large enterprises (>5,000 employees).
• By role, business decision makers (40%) named security as a top-three cloud inhibitor notably less often than practitioners (47%) and technical decision makers (46%) did.

Why might business decision makers see security as less of an inhibitor than do practitioners or technical decision makers? Possibly because business decision makers must weigh the costs and benefits of moving to the cloud, whereas practitioners and technical decision makers are tasked with implementation and focus more on how to make it successful.

But just as cost calculations in the cloud can be complicated, security isn’t just a cloud concern for the survey respondents, it can also be a cloud benefit.

When asked what business and technology factors were driving their multi-cloud adoption, security and governance was mentioned in the top three by 16% of respondents. As you might expect, cloud security was an even more important driver in the public sector (19%) and the financial industry (18%). One significant geographical difference was that only 11% of Latin American respondents cited security as a multi-cloud driver.

Security doesn’t live in isolation. According to one solution engineer, “The main thing is the security concerns, privacy, regulatory control of the data, and all costs involved around it.” But as another security engineer noted, “Cloud services allow more granular security controls.”

The concept of security can cover many things, so what exactly are practitioners and decision makers really worried about? A lot of different things, it turns out, and no single concern was mentioned by more than half of respondents.

If those are the security threats, what’s keeping organizations from solving them? When it comes to security, the most common challenges involve staff and skilling issues, cited by more than a quarter (26%) of respondents.

Notably, a shortage of the proper skills was called out as a top-three challenge to operationalizing multi-cloud overall by more than half (57%) of respondents. That could be why almost 18% of respondents are using or plan to use commercial security tools as a service. Interestingly, only 3% of respondents were concerned about financial costs when it comes to security, possibly because security is considered so important that when a security issue is identified, a budget will be allocated to address it.

Survey respondents overwhelmingly agreed that the right tools are critical for managing multi-cloud environments and for every component of their cloud efforts, including provisioning, networking, security, and application deployment. Ninety-four percent of respondents called infrastructure automation tools “important” or “extremely important” to operationalize their multi-cloud environments.

Surprisingly, despite the importance of security in cloud environments, just about half (50%) of respondents use infrastructure automation tools in the security arena, trailing provisioning (75%), application deployment (69%), and networking (58%). That may be about to change, however, as 44% of respondents plan to use infrastructure automation tools for security, easily topping the other four components.

Survey respondents from different industries expressed varied cloud inhibitors, security concerns, business challenges, and provided insight into cloud adoption. Not too surprisingly, a current area of focus across industries is a shortage of the skills needed to help implement their cloud initiatives. As noted above, that could be why so many companies are looking to leverage security automation tools.

The survey showed an overwhelming share of organizations find infrastructure automation tools are critical to overcoming their cloud challenges. And provisioning was the most widely used category of infrastructure automation tooling. Roughly 90% of respondents indicated they’re either already using automated provisioning tools or will be in the next 12 months for provisioning purposes — only about 3% have no plans to use them.

Not surprisingly, perhaps, usage of automated provisioning tools was correlated with cloud spending. Approximately 65% of companies budgeting less than $100,000 in annual cloud spending already use automated provisioning tools, compared to 79% of organizations with annual cloud budgets of $2 million or more.

Regionally, it turns out that respondents in Europe/Middle East/Africa report the greatest use of provisioning automation tools (78%). Historically, the EMEA region is often seen as a “do more with less” area, where they don’t often spend big money on top-tier software licenses, instead working to fill gaps in open source software with processes and tools. And, in fact, respondents in EMEA were most likely (48% vs. 39% globally) to choose to “build on open source and run it myself” when it comes to provisioning tools. On the other hand, respondents in the Asia-Pacific region were most likely to have no plans to use provisioning tools. Additional regulatory concerns could be one factor behind this regional disparity.

The COVID-19 pandemic also impacted adoption of provisioning tools. Of the 54% of organizations that reported the pandemic accelerated their digital transformation initiatives with regards to shifts to cloud or multi-cloud adoption, infrastructure as code was the most likely area to be affected.

Even as adoption of multi-cloud architectures is expected to grow from 76% today to 86% in two years, key concerns remain. The most significant challenge hindering organizations’ ability to operationalize multi-cloud was a shortage of key skills, cited by 57% of respondents. Notably, the next most common response, inconsistent workflows across cloud environments, was cited by only 33% of respondents, a full 24 points behind skills shortages.

The survey also looked at cloud challenges by component, and taking a provisioning-centric view, staff and skilling issues were still the top concern, but the differences were much narrower.

Breaking the data down by industry shows the skills shortage is disproportionately impacting the public sector (25%) and retail/consumer goods industry (23%) the most.

The survey showed that many organizations invested significant resources in their multi-cloud initiatives, including a third of respondents who budgeted $2 million or more per year (15% boasted $10 million+ cloud budgets!). Surprisingly, however, this did not always directly translate into greater spending on provisioning tools. Two-thirds of respondents use or plan to use some form of open source automation tooling for provisioning. Looked at another way, two-thirds of respondents are running their own provisioning tools instead of consuming a managed service.

The relatively sparse interest in managed service offerings becomes even more interesting in the context of the top cloud challenges mentioned above. Adoption of Software-as-a-Service (SaaS) solutions would seem to be a natural response to skills shortages, complex manual processes, and a fast-moving environment. With a SaaS approach, teams could refocus their time away from maintaining and operating their custom tooling into automating the manual processes that appear to be slowing them down.