# 2018 Predictions & Recommendations: The Year We Reject "Good Enough" Security in the Cloud

By [Matt Keil](https://www.paloaltonetworks.com/blog/author/matt/?ts=markdown "Posts by Matt Keil")

Jan 05, 2018

*This post is part of an ongoing blog series examining predictions and recommendations for cybersecurity in 2018.*

For [2017, I predicted](https://www.paloaltonetworks.com/blog/2016/12/2017-cybersecurity-predictions-machine-learning-ai-driven-frameworks-shape-cloud-security/?ts=markdown) that a large-scale, public cloud-specific (e.g., IaaS, PaaS) breach would finally center industry attention on cloud security. This year, we did in fact experience some high profile security incidents in which we saw the following:

* **Compromised servers monetized on the dark web:** Hundreds of compromised Windows Servers were available for sale on the dark web, some with asking prices as high as $15,000 because they included user data and administrative access. In this case, customer public cloud accounts were quietly compromised and their resources monetized by attackers. It's worth noting that this is no different from past examples of a desktop or server in a corporate data center being compromised and used to steal user information or execute a large-scale DoS attack from a physical network. It just happens these servers are deployed in the public cloud instead.
* **Misconfigured applications and services:** There were numerous examples in 2017 of misconfigured applications and services that resulted in exposed data, ransomware and malware distribution.
  * Thousands of instances of a public cloud search service were found to be distributing POS malware from 2012. Infected servers became part of a bigger POS botnet with command-and-control functionality for POS malware clients that were collecting, encrypting and transferring credit card information stolen from POS terminals, RAM or infected Windows machines.
  * A popular open source database with permissive security settings was the target of a ransomware campaign. The database was found to be widely deployed using either an early version with no security settings or a more current version with security settings that are permissive by default, requiring configuration. The result was more than 25,000 instances exposed, placing the contents within at risk.

These two misconfiguration cases are no different from the configuration errors made and taken advantage of in years past in applications and servers located on physical networks.

There are many other unknown factors behind these incidents, but two points are consistent across all of them: account owners must configure native security features to enable a functional deployment, and the applications and services within are deployed with permissive security by default, requiring configuration to improve security.

As organizations migrate to the public cloud, they sometimes tell us native security features, like security groups and web application firewalls, are "good enough" -- a puzzling position, to be sure.
It is well documented by security organizations like MITRE that many of the same ports required to enable common public cloud applications (e.g., TCP/80, TCP/443, TCP/25 (SMTP), TCP/53 (DNS), TCP/3389 (RDP), TCP/22 (SSH), TCP/135 (RPC)) are the very same ports attackers commonly use for [evasion](https://attack.mitre.org/wiki/Technique/T1043) and [data exfiltration](https://attack.mitre.org/wiki/Technique/T1048).

The question then becomes: if you were deploying new applications and data in a new data center now, would you take a step back and rely on "good enough" port-based controls for security? No. Then why do we see it happening in new public cloud deployments? History does indeed repeat itself -- we have learned that "good enough" is not good at all.

## My 2018 Prediction

Driven by these public cloud security incidents and likely more in the future, customers will reject the "native security is good enough" approach to protecting their public cloud deployments.

There is a common misconception that the public cloud is more secure and therefore that basic security features are good enough. It's well known that users themselves often create the entry point for an attacker, sometimes inadvertently via a drive-by download or more directly via a phishing email, for example. Either way, once inside the network, the attacker gains a foothold and can move laterally to any resource, be it in the data center or in the public cloud.

We founded Palo Alto Networks on the premise that port-based access control was no longer good enough to protect your network. Applications no longer adhered to specific port-protocol development methodology, allowing tech-savvy applications and users to bypass them with ease by hopping ports, using SSL, sneaking across port 80 or using non-standard ports. Our approach uses the application identity as the basis for access control and threat prevention security policy, to protect the network. Customers and the market agreed.
Now, we are applying the premise that "good enough" doesn't work for cloud, either.

## My 2018 Recommendation

The shared responsibility model dictates that the cloud provider protects the infrastructure while the customer protects the applications and data. However, many organizations still do not fully grasp their role in the shared responsibility model. Despite cloud provider efforts to better educate, we see customers moving to the cloud and applying "good enough" security to protect their applications and data.

Security best practices dictate that protecting your applications and data in the public cloud should follow a prevention-based approach: understand your threat exposure through application visibility, use policies to reduce the attack surface area, then prevent threats and data exfiltration within the allowed traffic.

I recommend organizations take a more aggressive stance in embracing their role in the public cloud shared responsibility model and implement security as strong as that which protects their on-premise data centers. Not only can it be done -- it's the best way to ensure a secure cloud experience.
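
The gap between a port-based rule and an application-aware check, described in the prediction section above, can be shown in a few lines. This is an added example, not code from the original post or from any Palo Alto Networks product; the signatures are deliberately simplified, and the function names and sample flows are constructed for illustration.

```python
# Ports the article lists as commonly opened for public cloud applications.
ALLOWED_PORTS = {80, 443, 25, 53, 3389, 22, 135}

# Protocol expected on each port, only where this sketch has a signature.
# DNS (53) and RPC (135) are left out, so they stay "allow-unverified".
EXPECTED = {80: "http", 443: "tls", 25: "smtp", 22: "ssh", 3389: "rdp"}

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ")


def identify(payload: bytes) -> str:
    """Guess the application protocol from the first client bytes."""
    if payload.startswith(b"SSH-"):
        return "ssh"
    # TLS record header: content type 0x16 (handshake), major version 0x03.
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"
    if payload.startswith(HTTP_METHODS):
        return "http"
    if payload[:5].upper() in (b"EHLO ", b"HELO "):
        return "smtp"
    # RDP connection requests begin with a TPKT header: version 3, reserved 0.
    if payload[:2] == b"\x03\x00":
        return "rdp"
    return "unknown"


def port_verdict(dst_port: int) -> str:
    """Security-group style decision: only the destination port matters."""
    return "allow" if dst_port in ALLOWED_PORTS else "deny"


def app_verdict(dst_port: int, payload: bytes) -> str:
    """Same allow list, but the payload must match the port's protocol."""
    if dst_port not in ALLOWED_PORTS:
        return "deny"
    if dst_port not in EXPECTED:
        return "allow-unverified"
    seen = identify(payload)
    return "allow" if seen == EXPECTED[dst_port] else f"flag:{seen}-on-{dst_port}"


# Constructed sample flows: (destination port, first bytes sent by the client).
SAMPLE_FLOWS = [
    (443, b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"),  # TLS ClientHello
    (80, b"SSH-2.0-OpenSSH_7.4\r\n"),                        # SSH on port 80
    (443, b"GET /index.html HTTP/1.1\r\n"),                  # clear HTTP on 443
    (22, b"SSH-2.0-OpenSSH_7.4\r\n"),                        # SSH where expected
    (8080, b"GET / HTTP/1.1\r\n"),                           # port not allowed
]


def compare(flows):
    """Return (port, port-based verdict, application-aware verdict) per flow."""
    return [(p, port_verdict(p), app_verdict(p, data)) for p, data in flows]


if __name__ == "__main__":
    for row in compare(SAMPLE_FLOWS):
        print(row)
```

The second and third flows pass the port-based rule unchanged and are flagged only once the payload is inspected.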