Cloud services have become a multi-billion dollar industry – and the growth of this burgeoning market shows no sign of abating. With Gartner forecasting a 17% year-over-year surge in public cloud revenue for 2020, it’s clear that the world is trending toward wider cloud adoption across all industries. Looking ahead to cloud security 2021 and beyond, we should likely begin to see an increasing surge of enterprises – even governments – moving workloads to the cloud.
For many organizations, the shift to the cloud also means completely reimagining and optimizing their stacks to achieve a cloud-native implementation. This means that, in the years ahead, a few new security trends will likely take hold.
To ensure you’re prepared for the rapidly approaching cloud-native future, here are four cloud security trends that IT and security leaders should keep an eye on.
Organizations understand the inherent risk in using dozens of security products to manage cloud infrastructure. Even a small organization might manage 15-20 separate security tools. On the other end of the spectrum are some of the largest organizations, which often find themselves fatigued by the effort to manage more than 120 separate security products.
Security teams are hungry for solutions that will provide risk clarity for their cloud presence. Cloud providers like Azure, Google, Alibaba and AWS have their own native security features – but these nascent offerings are limited in what they are able to protect and are often not well-integrated. Most organizations use multiple cloud service providers in addition to their own private clouds or on-premises hardware. This hybrid operating model is a security problem the cloud service providers are not yet able to address.
Looking at the year ahead and beyond, we’ll begin to see the rise of cloud native security platforms (CNSPs). These platforms will enable security teams to manage all their security across public, private and hybrid clouds from a single console. Siloed security solutions will be integrated into these comprehensive platforms: capabilities such as governance and compliance, threat detection and response, container security, data loss prevention and serverless security will all live in a single pane of glass. Watch for these platforms to develop and mature over the next two years.
Machine learning has long been one of the biggest buzzwords in technology. Much of the marketing hype has positioned it as a near-magical solution for just about any challenge. However, in practice, ML “solutions” have yet to offer many practical applications for security.
This will change over the next 18 months, as we start to see examples of ML deployed within some very specific use cases. It will start to show up in areas like data classification, malware detection and automated reasoning, i.e., ML that can evaluate security configurations from multiple different angles, as an attacker would. A great example would be the area of identity and access management. Automated reasoning will be utilized to determine if policies are effective, overly permissive, etc.
Most organizations understand the tactical benefits of shift left, but adoption has lagged. However, as cloud security consolidation progresses and CNSPs become more common, security teams and their DevOps counterparts will have a more viable path to shift left. These platforms will give organizations the ability to seamlessly integrate security into the development pipeline, and will ensure cloud-agnostic protections across all clouds.
For example, many organizations are rapidly adopting infrastructure as code (IaC) as they attempt to automate more of their build processes in the cloud. When teams shift to IaC, they can avoid the manual creation and configuration of infrastructure in favor of writing code – IaC templates are a great way to consistently enforce security standards. CNSPs can scan IaC templates for issues in the development pipeline and also offer automated remediation to quickly address any security issues in the cloud environment.
The challenge today, however, is that DevOps teams are not reviewing IaC templates for misconfigurations. Recent Unit 42 research indicates while IaC offers security teams a predictable way to enforce security standards, this powerful capability remains largely unharnessed. In the same report, Unit 42 researchers found nearly 200,000 insecure IaC templates in use.
The broad adoption of a multi-cloud strategy creates visibility issues. As we move into the new decade, security teams and IT leaders will continue to search for ways to gain the level of visibility they once enjoyed on-premises. Highly dynamic cloud resources make visibility difficult.
However, security platforms that leverage cloud provider APIs will offer richer context for cloud based workloads, including containers, serverless and Platform as a Service (PaaS). Much of this will be fueled by the consolidation of smaller or single-function vendors (for example, providers offering cloud workload protection or data loss prevention). By 2021, these niche vendors will likely find themselves choosing between acquisition or liquidation because the market is beginning to demand integrated platforms vs. point solutions.
As we enter a new era in cloud security, there’s little doubt that public cloud platforms will continue to evolve at warp speed. This unprecedented rate of change will force organizations to continually rethink the way they build and manage their applications. The accessibility and ease-of-use provided by the cloud has opened the door to unfettered innovation – empowering business owners to move fast and deliver enormous value.
This accessibility and ease of use has also had the adverse effect of rendering many traditional security and governance models all but obsolete. As a result, security teams need to reevaluate existing processes and tools to ensure they are able to keep up with both the risks and demands the business requires in the age of cloud native.
For more about the future of cloud security, view sessions from the Cloud Native Security 2020 Virtual Summit for free and on-demand.
This article originally appeared in The New Stack.