We’ve been hearing about the transition to the cloud for close to a decade, and over time, many companies have been making gradual moves from on-premises infrastructure to alternatives hosted by AWS, Azure, and Google Cloud. But in the last two years, spurred mainly by the COVID-19 pandemic and work from home policies, companies were forced to make the jump to cloud infrastructure in a matter of weeks.
This rapid shift, while remarkable, has left some organizations more vulnerable to threats from malicious actors. This brief moment in time has also seen some of history’s most severe cyberattacks, including those on SolarWinds, Kaseya, Colonial Pipeline, and JBL Foods.
So while transitioning to the cloud was a revolutionary act for businesses, building and maintaining cloud security is now the leading and vital trend. We asked some leading cloud security experts for their predictions about cloud security in the coming year including:
- Kubernetes security
- Security management for multi-cloud environments
- Attack surface management expansion
- SaaS governance maturity
This is a collection of their thoughts and some insights of our own.
Container-based architecture, and in particular the use of Kubernetes, is growing steadily among businesses. As of December 2021, there were more than 5.6 million Kubernetes developers, representing a 67% increase from 2020.
Kubernetes and containers allow for faster application development. However, they were designed for developer convenience and not necessarily security. Red Hat’s 2022 State of Kubernetes Security report found that issues with security are hindering even more wide-scale Kubernetes adoption and application innovation. Among the 300 security professionals surveyed, 93% reported at least one security incident in their Kubernetes environment over the past year, while 31% noted it had resulted in customer or revenue loss.
Many resources exist as guides for best practices with security with Kubernetes (including their official documentation). Companies should be mindful about reviewing them as they transition into container-based architecture.
Multicloud Security Management
A shift to the cloud rarely means migrating all of your data to the infrastructure of one vendor. A multicloud environment where data is split between multiple vendors with private and public options is increasingly becoming the norm. However, the use of this type of environment presents some challenges.
According to a report from the Cloud Security Alliance, the most common challenges companies face in a multicloud environment include:
- Lack of professional security expertise
- Regulatory and industry compliance concerns
- Lack of visibility into cloud resources
The report also suggests that these multicloud issues will lead to the development of more security tools to meet the needs of this environment.
Attack Surface Management Expansion
The move to hybrid and remote work environments exponentially increased the number of attack surfaces with the potential to be exploited. Mobile phones, tablets, home routers, and IoT devices could all be at risk if companies don’t have proper security procedures in place.
Attack-surface management tools are evolving in the same way that companies are including the monitoring of remote hardware, SaaS applications, and third-party supply chain vendors.
SaaS Governance Maturity
When thinking about recent high-profile cyber attacks, it is worth considering who the ultimate victims are. In the case of SolarWinds, U.S. government agencies and major corporations were the actual targets and bore the brunt of damage. In the case of the Kaseya ransomware attack, over 1,500 small businesses who had received the software from their MSPs were ultimately affected.
These situations and others like it are forcing companies to reevaluate their technology supply chain and develop measures to hold vendors accountable for security breaches.
A major shift to the cloud has led to an additional shift in how businesses secure their operations. Cloud security professionals expect us to see an increased focus on Kubernetes security, multi-cloud management, attack surface management, and SaaS vendor accountability in the years to come.
Teams of tech marketers are keeping up with these security trends and communicating best practices to audiences of all levels.
What cloud security trend do you see in 2022 and beyond? Let us know!