HashiCorp State of Cloud Strategy Survey 2023: Inside the maturity model

This post is adapted from Survey Says: Cloud Maturity Matters, published on The New Stack on June 12, 2023.

The new 2023 State of Cloud Strategy Survey, commissioned by HashiCorp and conducted by Forrester Consulting, looks at what companies are doing in the cloud through the lens of a new model of operational cloud maturity — defined not by the amount of cloud usage, but by the adoption of a combination of technology and organizational best practices at scale.

The results were unambiguous: The organizations most committed to using operational best practices are deriving the biggest benefits from their cloud efforts, in everything from security and compliance to availability and the ability to cope with the ongoing shortage of critical cloud skills. High-maturity companies were more likely to report increases in cloud spending and less likely to say they were wasting money on avoidable cloud spending.

»Our cloud maturity model

To fully understand the survey results, however, it’s helpful to know something about the cloud maturity model developed by HashiCorp and Forrester to describe where organizations are in their cloud adoption journey. For the third annual State of Cloud Strategy survey, HashiCorp commissioned Forrester Consulting to survey almost 1,000 technology practitioners and decision-makers from companies in a variety of industries around the world, primarily those with more than 1,000 employees. (Forrester also conducted research for the 2022 State of Cloud Strategy survey.) We incorporated the maturity model into this year’s survey in order to gain deeper insights into the results.

As noted above, the maturity model is based on best practices, not results, so Forrester asked about respondents’ use of key practices across four technology layers, including infrastructure, security, networking, and applications, as well as their use of platform teams, a key indicator of organizational cloud maturity.

Respondents were awarded points based on their level of implementation of certain practices within these categories:

1. We do not use this practice at all (0 points)
2. We are adopting this practice (1 point)
3. We are standardizing this practice (2 points)
4. We are scaling this practice (3 points)

That data was weighted to give equal consideration to each of the five areas, and we used that data to separate respondents into three tiers:

• Low-maturity organizations, the lowest 25% of respondents, are experimenting with these practices.
• Medium-maturity companies, the middle 50%, are standardizing their use of these practices.
• High-maturity respondents, the top 25%, are scaling these practices across the entire organization.

»How high-maturity organizations are different

In area after area, the survey found that multi-cloud simply works better for highly cloud-mature companies. For example, more than three quarters (76%) of organizations in the high-maturity tier say multi-cloud is helping them achieve their business goals, and another 17% expect it to within the next 12 months. That compares to just 60% of respondents in the low-maturity tier who say multi-cloud is working for them, while another 22% expect it to do so in the next year.

»The great cloud skills shortage

The difference is even more pronounced when it comes to skills shortages, the most commonly cited barrier to operationalizing multi-cloud. It turns out that almost three quarters (74%) of high-maturity respondents say multi-cloud helps them attract, motivate and retain talent. That compares to less than half (48%) of low-maturity organizations who can say the same.

Other large differences between the benefits experienced by high- and low-maturity respondents showed up in the areas of compliance and risk (80% to 56%), infrastructure visibility/insight (82% to 59%), and speed (76% to 59%).

Also significantly, 79% of high-maturity organizations report that their multi-cloud efforts have resulted in a stronger security posture, perhaps because working in multiple cloud environments can help organizations keep their security professionals engaged, and also be a forcing function toward more intentional oversight of their security operations.

»Cloud spending and cloud waste

Despite macroeconomic uncertainty, 62% of highly mature companies boosted their cloud spending in the last year. That compares to 56% of respondents overall, and just 38% of low-maturity organizations. Yet even as they increased cloud spending, more than half (53%) of high-maturity respondents used multi-cloud to cut costs, compared to just 42% of low-maturity respondents.

At the same time, avoidable cloud spending remains high, with 94% of respondents reporting some degree of cloud waste (about the same as in the 2022 State of Cloud Strategy survey). But the factors contributing to that waste differ notably: Low cloud-maturity firms, in particular, struggle with over-provisioning resources (53%, compared to 47% for high maturity firms), idle or underused resources (55% compared to 51%) and lack of needed skills (47% vs. 43%).

»Multi-cloud drivers

High- and low-maturity organizations also differ on what drives their multi-cloud efforts. For example, along with the cost reductions noted above, reliability, scalability, security and governance, digital transformation and, especially, portability of data and applications are much more commonly cited by high-maturity organizations. On the other hand, multi-cloud drivers such as remote working, shopping for best-fit cloud service, desire for operational efficiency, backup/disaster recovery, and avoiding vendor lock-in were relatively similar across all levels of maturity.

»What are the business and technology factors driving your multi-cloud adoption?

»Multi-cloud maturity and the threat landscape

When it comes to security threats, 49% of both high- and low-maturity respondents worry about data theft (the top-ranking choice), and roughly equal percentages are concerned about phishing and social engineering attacks. Notably, though, while 61% of low-maturity companies rank password/credential/secrets leakage as a big concern, only 47% of high-maturity respondents share that worry. Similarly, ransomware is an issue for 47% of low-maturity respondents but just 39% of their high-maturity counterparts.

»What are the biggest threats that your organization faces when it comes to cloud security?

»Find out more

You can explore the full results of the survey on HashiCorp’s interactive State of Cloud Strategy Survey microsite, where you can also download Forrester Consulting’s Operational Maturity Optimizes Multicloud study, which presents the firm’s key survey findings, analysis, and recommendations for enterprises, as well as regional breakdowns of the data for the Europe/Middle East/Africa and Asia/Pacific regions.