Cloud services have become a multibillion-dollar industry — and the growth of this burgeoning market shows no sign of abating. With Gartner forecasting a 17% year-over-year surge in public cloud revenue for 2020, it’s clear the world is trending toward wider cloud adoption across all industries.
Looking ahead to 2021 and beyond, we should likely begin to see an increasing surge of enterprises — even governments — moving workloads to the cloud.
The shift to the cloud, of course, also means completely re-imagining and optimizing their stacks to achieve a cloud native implementation. This means that, in the years ahead, a few new security trends will likely take hold.
To ensure you’re prepared for the rapidly approaching cloud native future, here are four cloud security trends that IT and security leaders should keep an eye on.
Cloud Security Consolidation Will Continue to Build Steam.
Organizations understand the inherent risk in using dozens of security products to manage cloud infrastructure. Even a small organization might manage 15-20 separate security tools. On the other end of the spectrum are some of the largest organizations which often find themselves fatigued by the effort to manage more than 120 separate security products.
Security teams are hungry for solutions that will provide risk clarity for their cloud presence. Cloud providers like Azure, Google, Alibaba and AWS have their own native security features — but these nascent offerings are limited in what they are able to protect and are often not well-integrated. Most organizations use multiple cloud service providers in addition to their own private clouds or on-premises hardware. This hybrid operating model is a security problem the cloud service providers are not yet able to address.
Looking at the year ahead and beyond, we’ll begin to see the rise of cloud native security platforms (CNSPs). These platforms will enable security teams to manage all of their security across public, private and hybrid clouds from a single console. Siloed security solutions will be integrated into these comprehensive platforms: capabilities such as governance and compliance; threat detection and response; container security; data loss prevention and serverless security will all live in a single pane of glass. Watch for these platforms to develop and mature over the next two years.
1. Machine Learning (ML) for Security Will Evolve Beyond Being a Buzzword
Machine learning has long been one of the biggest buzzwords in technology. Much of the marketing hype has positioned it as a near-magical solution for just about any challenge. However, in practice, ML “solutions” have yet to offer many practical applications for security.
This will change over the next 18 months, as we start to see examples of ML deployed within some very specific use cases. It will start to show up in areas like data classification, malware detection and automated reasoning, i.e., ML that can evaluate security configurations from multiple different angles, as an attacker would. A great example would be the area of identity and access management. Automated reasoning will be utilized to determine if policies are effective, over permissive, etc.
2. Security Teams Will Be Forced to Shift Left by the Increasing Speed of DevOps
Most organizations understand the tactical benefits of shift left, but adoption has lagged. However, as cloud security consolidation progresses and CNSPs become more common, security teams and their DevOps counterparts will have a more viable path to shift left. These platforms will give organizations the ability to seamlessly integrate security into the development pipeline, and will ensure cloud-agnostic protections across all clouds.
For example, many organizations are rapidly adopting infrastructure as code (IaC) as they attempt to automate more of their build processes in the cloud. When teams shift to IaC, they can avoid the manual creation and configuration of infrastructure in favor of writing code—IaC templates are a great way to consistently enforce security standards. CNSPs can scan IaC templates for issues in the development pipeline and also offer automated remediation to quickly address any security issues in the cloud environment.
The challenge today, however, is that DevOps teams are not reviewing IaC templates for misconfigurations. Recent Unit 42 research indicates while IaC offers security teams a predictable way to enforce security standards, this powerful capability remains largely unharnessed. In the same report, Unit 42 researchers found nearly 200,000 insecure IaC templates in use.
3. Vendor Consolidation Will Extend Visibility
The broad adoption of a multi-cloud strategy creates visibility issues. As we move into the new decade security teams and IT leaders will continue to search for ways to gain the level of visibility they once enjoyed on-premises. Highly dynamic cloud resources make visibility difficult.
However, security platforms that leverage cloud provider APIs will offer richer context for cloud-based workloads including containers, serverless and PaaS. Much of this will be fueled by the consolidation of smaller or single-function vendors (e.g. providers offering cloud workload protection, or data loss prevention). By 2021, these niche vendors will likely find themselves choosing between acquisition or liquidation because the market is beginning to demand integrated platforms vs. point solutions.
4. Prepare for the Future of Cloud Native Security — Today
As we enter a new era in cloud security, there’s little doubt that public cloud platforms will continue to evolve at warp speed. This unprecedented rate of change will force organizations to continually rethink the way they build and manage their applications. The accessibility and ease-of-use provided by the cloud has opened the door to unfettered innovation — empowering line of business owners to move fast and deliver enormous value.
This accessibility and ease of use have also had the adverse effect of rendering many traditional security and governance models all but obsolete. As a result, security teams need to re-evaluate existing processes and tools to ensure they are able to keep up with both the risks and demands the business requires in the age of cloud native.
For more insight from security thought leaders, Cloud Native Security Live, 2020 Virtual Summit is your opportunity to learn from the experience and expertise of developers, DevOps pros and IT leaders who all have so much at stake in container technologies and DevSecOps. Hosted by Palo Alto Networks in partnership with The New Stack, you can still virtually attend this event held Feb. 11, 2020, for a full day of discussions about cloud native security — brought to you online wherever you may be.
Feature image via Pixabay.