Press Release
Los Altos, Calif.
Jun. 28, 2018

Netskope and ESG Report Highlights Benefits Associated with Mature Cloud Security Strategies

Report benchmarks and establishes new cloud security maturity model to guide enterprise organizations; finds most mature organizations twice as likely to employ cloud security architect

LOS ALTOS, Calif. Jun. 28, 2018 — Netskope, the leader in cloud security, today announced the release of “The Maturity of Cloud Application Security Strategies,” a report commissioned by Netskope and conducted by the Enterprise Strategy Group that quantifies the business benefits of adopting user-led cloud services. The research reveals that organizations that take a pragmatic approach to securing the use of user- and business-unit-led-cloud services realize appreciable business benefits compared with organizations that take more draconian, coarse-grained approaches. According to the report, only 21% of organizations have adopted this kind of pragmatic approach.

Organizations are at different stages of their journey with respect to the maturity of their approach to cloud security, both in terms of their strategic approach to the cloud as well as tactical measures. The report establishes three fundamentally different stages of cloud security maturity, “discoverers” who primarily deploy cloud access security brokers (CASBs) to discover and assess shadow IT or user-led cloud services; “controllers” who apply cybersecurity policies, processes, and CASB technology to realizer the fundamental cybersecurity outcomes of preventing data loss and the introduction of threats; and the most mature category known as “enablers,” who are well aware of the use of user-led applications, but take a fundamentally different approach by securely enabling the business value they deliver to the organization.

“The data in this report shows that many organizations, including ‘enablers,’ still have work to do to fully realize the advantages of the cloud,” said Sanjay Beri, founder and CEO, Netskope. “To help the industry move closer to the final stage of maturity, we have developed a self-assessment tool for enterprises to gauge their process on the cloud security journey, and we look forward to working with enterprises around the world to accelerate their adoption of cloud services.”

According to the report, 48% of respondents were categorized as discoverers, 31% as controllers, and 21% as enablers. Other key findings include:


  • Cloud security maturity can affect financial performance: “Enablers” reported exceeding their revenue expectations by 4.9% on average. Alternatively, “controllers” and “discoverers” reported 3.6%, indicating that obstruction of the use of user-led cloud services can negatively affect financial performance.
  • Increased cloud security maturity leads to an increase in productivity: Nearly half of “enablers” reported user-led cloud services had a strong positive impact on productivity. Only 17% of “discoverers” and 23% of “controllers” reported the same.
  • Cloud Security Architect role can accelerate maturity: While nearly two-thirds of respondents reported their organization had a chief information security officer (CISO), only 23% indicated their company had a cloud security architect. Architects are not only steeped in the technical differences of cloud services, but also have a deep appreciation for the business agility cloud services provide. “Enablers” are more than twice as likely as other organizations to employ these leaders.


“User- and business-unit-led cloud services have challenged the traditional role of enterprise IT and security teams, demanding that these teams now decide how, not if, they will secure their organization’s use of the cloud” said Doug Cahill, senior analyst and group director, Enterprise Strategy Group. “This research highlights that organizations with the most mature approach to cloud services not only enjoy the most tangible business benefits, but also do so while mitigating their overall cloud security risk posture.”

Survey respondents were located in North America, Western Europe, and Asia Pacific. 88% of respondents worked at organizations with more than 1,000 employees, while 12% worked at organizations with 500-999 employees. Respondents worked for organizations in multiple industries, including manufacturing, financial services, healthcare, retail, and business services, among others.


A copy of the report is available for download here. Individuals can also self-assess their cloud security maturity via this interactive web tool.


  • Read a blog post on our findings
  • Register for the Netskope webinar “Can the Maturity of Your Cloud Security Strategy Make or Break Your Organization?”
  • Register for the 2018 Netskope World Tour to learn about Netskope for Web in your area

About Netskope

Netskope is the leader in cloud security. Using patented technology, Netskope’s cloud-scale security platform provides context-aware governance of all cloud usage in the enterprise in real time, whether accessed from the corporate network, remote, or from a mobile device. This means that security professionals can understand risky activities, protect sensitive data, stop online threats, and respond to incidents in a way that fits how people work today. With granular security policies, the most advanced cloud DLP, and unmatched breadth of workflows, Netskope is trusted by the largest companies in the world. Netskope — security evolved. To learn more, visit our website.