Over the last year, I have met with a customer almost every day. COVID actually made it easier to schedule customer meetings and has allowed me to meet people from all over the world. Most of these organizations have advanced cloud transformation or development efforts in place. They represent both cloud native companies and more traditional companies who are now embracing the cloud. The practitioners and executives I talk to typically represent cloud security, DevOps or security engineering teams. I'm a relative newbie – my lack of expertise has forced me to be a good listener in these meetings (I wish I could say that more broadly) and take good notes about cloud security trends.
So I want to share my learnings from these customer conversations, which I am structuring into a "look back" and a "look ahead" section.
Throughout 2020, our development teams worked hard to deliver industry-first innovations and product refinements, much of it based on customer feedback. We launched nearly 600 new features and updates to help our customers protect their cloud environments, resources and workloads.
Below I have shared the top 20 features I've heard customers discuss in executive briefings and other meetings. But before I do that, let me first acknowledge that every feature our teams have launched, big and small, has had very strong customer adoption. My list has a bias towards those that have resonated in meetings, and is not a ranking of adoption.
Host & Serverless Security
Compliance, Visibility & Governance
New Cloud Security Capabilities
Take a look at all of our accomplishments from 2020 in this infographic.
Cloud adoption predates the emergence of Prisma Cloud and other solutions in this market. Organizations that started cloud journeys five or more years ago had little choice in terms of mature third-party products to augment what CSPs provided.
Consequently, most large companies have either built internal tools or adopted single-purpose solutions that don’t scale. This has created gaps in their security coverage. Maintaining the patchwork of infrastructure becomes more burdensome as they scale. Expect more of these large organizations to adopt a mature solution like Prisma Cloud as a solution for this scaling problem and accelerate their cloud journey.
Most organizations, including our customers, have started their cloud security journey by gaining visibility across their complex multi-cloud infrastructure and ensuring proper configuration. Customers are fast realizing that visibility is necessary, but not sufficient.
The next cloud security trend will be threat detection – continuously monitoring the entire software development lifecycle for new threats, from development through to runtime. Attackers are becoming more sophisticated, and organizations will be looking to stay ahead.
The key to success in this area will be tools that better enable continuous monitoring and increasingly automated remediation, informed by better intelligence streams.
Scanning container images and establishing trusted repositories is an industry-accepted best practice. As organizations become more adept at protecting their containerized development, and as attackers become more sophisticated, the focus is moving to protecting containers in runtime. Things like profiling workload behavior to detect anomalous behavior, or automating runtime policy management across process, network and file system sensors will be crucial.
The highest performing organizations are moving at lightning speed – DevOps teams are deploying more frequently than ever. In order to maintain that pace, they're using new tools like IaC to automate parts of the process.
Security teams will need to "shift left" and integrate tools and practices earlier and more frequently in the development process. To do this at a pace that matches their DevOps counterparts, they need automation. Scanning IaC templates and integrating security checks into CI/CD tools through automation will become increasingly critical.
Enterprise organizations will need to monitor many areas of their infrastructure, both internally and externally. Small, centralized security teams are responsible for widely disparate environments. They'll be looking to monitor posture and detect threats; secure hosts, containers, and serverless architectures across the development lifecycle; control permissions and identities across workloads and clouds; and secure cloud networks while establishing trust boundaries.
In order to do all of this as efficiently as possible, and to keep all of that information in context, organizations will need comprehensive platforms that serve multiple use cases.
Not everything in cloud is a passing trend. We will always be able to say for certain that if organizations are not thinking about a comprehensive, full-lifecycle approach to security, they will have gaps open to attacks on multiple fronts.
But now is the time to lay the foundation for strategies that will protect the future of your organization. One of the best ways to do it is to learn from others who are already successful. Learn what it takes to build out cloud security operations with our on-demand series, Building a Scalable Strategy for Cloud Security. These sessions explore ways to shift your organization’s mindset and approach, with best practices from those that have successfully navigated the challenges.