The COVID-19 outbreak knocked just about every prediction for 2020 off course. And while the pandemic may linger through 2021, data breaches will keep making headlines: as long as personal data is traded as a commodity on black markets, cybersecurity threats will remain a serious concern.
Cloud security in particular remains an onerous task. Cloud stacks are complex and dynamic, security requirements are rarely specified up front, there is no settled taxonomy of cloud threats, the cloud back end is opaque to the customer, and there are few ready-made solutions for the security mechanisms themselves.
As businesses and organizations move their data infrastructure to the cloud at speed, the switch calls for a fresh approach to optimizing stacks and building resilient, cloud-native frameworks. The cloud security trends below are likely to shape enterprise security in 2021.
Zero-Trust Network Access (ZTNA) in Lieu of VPNs
The sudden shift to remote work opened a new window of vulnerability. To keep threat intelligence flowing in real time and shelter critical data, organizations turned to VPNs and VDIs. They soon found that these legacy architectures map poorly onto virtualized environments: a VPN authenticates a user once and then grants reachability to the whole network segment behind it, so a compromised endpoint or stolen credential inherits that reach. VPNs cannot be fully trusted, and this is where Zero-Trust Network Access comes in.
ZTNA, as the name suggests, is built on a zero-trust policy: no user, transaction or network flow is trusted until it has been verified against identity, device posture and the policy for the specific application being requested. ZTNA therefore moves beyond the old perimeter dichotomy, in which traffic from the "inside" was trusted and traffic from the "outside" was not: all traffic lands in the same untrusted bucket until it proves otherwise.
While ZTNA can undoubtedly improve network security, its proponents take an almost naive and unrealistically optimistic view of legacy challenges such as data sprawl, and of the other security processes that must be brought under the zero-trust yardstick. ZTNA as sold is a product, not a systemic approach. What is needed in the coming year is a strategy and a vision, not a toolset. As is often the case with promising technologies, the publicity outruns the reality, and without proper implementation expertise ZTNA will remain a buzzword.
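To make the difference concrete, here is an added example (not code from the original article or from any ZTNA vendor) that contrasts the two models as policy decision functions: a VPN-style check that grants network-wide reachability after one login, and a ZTNA-style check that judges every request against identity, device posture and a per-application policy. The application names, group names, posture fields and thresholds are assumptions made up for the example.

```python
"""VPN-style versus ZTNA-style access decisions (illustrative, added example).

The policy schema, device-posture fields and application names below are
assumptions invented for this example, not any product's API.
"""
from dataclasses import dataclass
from typing import Set, Tuple


@dataclass
class Device:
    managed: bool            # enrolled in device management
    disk_encrypted: bool
    os_patch_age_days: int   # days since the last OS patch


@dataclass
class Request:
    user: str
    groups: Set[str]
    mfa_verified: bool
    device: Device
    app: str                 # the specific application being requested
    session_age_min: int     # minutes since the last authentication


# Per-application policy (constructed for this example): who may reach the
# app, whether MFA is required, whether only managed devices qualify, and
# how old an authenticated session may be before re-authentication.
APP_POLICY = {
    "payroll":  {"groups": {"finance"}, "mfa": True, "managed_only": True, "max_session_min": 30},
    "wiki":     {"groups": {"finance", "engineering"}, "mfa": False, "managed_only": False, "max_session_min": 480},
    "prod-ssh": {"groups": {"sre"}, "mfa": True, "managed_only": True, "max_session_min": 15},
}


def device_compliant(d: Device) -> bool:
    """Posture check: managed, encrypted and patched within the last 30 days."""
    return d.managed and d.disk_encrypted and d.os_patch_age_days <= 30


def vpn_authorize(req: Request) -> Set[str]:
    """VPN model: one successful login makes every application on the
    network reachable, regardless of device posture or which app was asked for."""
    if req.mfa_verified:
        return set(APP_POLICY)
    return set()


def ztna_authorize(req: Request) -> Tuple[bool, str]:
    """Zero-trust model: each request is evaluated on its own, per application,
    and anything not explicitly allowed is denied."""
    policy = APP_POLICY.get(req.app)
    if policy is None:
        return False, "unknown application (default deny)"
    if not (req.groups & policy["groups"]):
        return False, "user not entitled to this application"
    if policy["mfa"] and not req.mfa_verified:
        return False, "MFA required"
    if policy["managed_only"] and not device_compliant(req.device):
        return False, "device posture non-compliant"
    if req.session_age_min > policy["max_session_min"]:
        return False, "session too old; re-authenticate"
    return True, "allow"


if __name__ == "__main__":
    stale_laptop = Device(managed=False, disk_encrypted=True, os_patch_age_days=90)
    sre = Request("eve", {"sre"}, True, stale_laptop, "prod-ssh", 5)
    print("VPN reachability:", sorted(vpn_authorize(sre)))
    print("ZTNA decision:  ", ztna_authorize(sre))
```

The point the example makes is in the last two lines: the VPN model reports every application as reachable from an unmanaged, unpatched laptop once the user has logged in, while the ZTNA model refuses the one request actually made because the device fails posture, and would refuse a different application for a different reason.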
Serverless
AWS recently marked its 14th year in public cloud infrastructure, a period spent steadily adding layers of abstraction on top of existing services. Cloud security specialists place serverless among the ten fastest-growing PaaS offerings for 2021. Google search trends show interest in "serverless" queries growing along a curve resembling that of "MapReduce", which has drawn steadily rising attention since 2004.
New cloud computing platforms have typically brought novelty to programming models and security practice alike. Serverless is no exception: it presents both opportunities and challenges for security.
Some classic concerns, such as denial of service, financial exhaustion (an attacker driving up the bill through invocations), broken authentication, insufficient logging, and over-privileged function permissions and roles, can be addressed with the platform's own controls, and AWS has improved its architecture on these fronts. Others remain open: the inability to apply network-level and behavioral security controls inside the provider's runtime, event-data injection, insecure third-party dependencies, data persisting across executions in reused containers, and potentially high latency all narrow the range of feasible serverless applications.
For instance, letting function code write freely into shared data storage is delicate: it weakens tenant isolation and lets rogue code gather signals across customers. New research already points to ways around such obstacles, one being to run the function inside a hardware enclave that shields the executing code and its data from the host.
The complexity of operating serverless systems means their potential is yet to be realized. There is no doubt, however, that serverless has made the cloud computing landscape more dynamic and robust, and it will continue to bring developments and transformations in 2021.
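Event-data injection is the most approachable of the open problems listed above, so here is an added example (not from the original article or any cloud provider's SDK) of what it looks like in a handler and how to close it. A function receives an event from an upstream source such as an API gateway, a queue or a storage notification; the vulnerable handler trusts the event body and interpolates it into a query, while the hardened handler validates the event shape against an allow-list and binds parameters. SQLite stands in for whatever data store the function would really call; the table, its rows and the event shape are constructed for the example.

```python
"""Event-data injection in a serverless handler: vulnerable vs hardened (added example).

SQLite stands in for the real data store; the table contents and the event
shape are constructed for this example.
"""
import re
import sqlite3
from typing import List, Tuple


def seed_db() -> sqlite3.Connection:
    """In-memory table standing in for the function's real backing store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE invoices (owner TEXT, amount INTEGER)")
    conn.executemany(
        "INSERT INTO invoices VALUES (?, ?)",
        [("alice", 120), ("alice", 80), ("bob", 500)],   # constructed sample rows
    )
    return conn


def vulnerable_handler(event: dict, conn: sqlite3.Connection) -> List[Tuple[str, int]]:
    """Trusts event['owner'] and splices it straight into SQL.
    An owner of  x' OR '1'='1  returns every tenant's invoices."""
    owner = event["owner"]
    sql = f"SELECT owner, amount FROM invoices WHERE owner = '{owner}'"
    return conn.execute(sql).fetchall()


# Allow-list for the one field the function is meant to receive.
OWNER_RE = re.compile(r"^[a-z0-9_-]{1,32}$")


def hardened_handler(event: dict, conn: sqlite3.Connection) -> List[Tuple[str, int]]:
    """Rejects unexpected event shapes, validates the field, and binds parameters
    so the data store never interprets event content as query syntax."""
    if not isinstance(event, dict) or set(event) != {"owner"}:
        raise ValueError("unexpected event shape")
    owner = event["owner"]
    if not isinstance(owner, str) or not OWNER_RE.match(owner):
        raise ValueError("invalid owner identifier")
    return conn.execute(
        "SELECT owner, amount FROM invoices WHERE owner = ?", (owner,)
    ).fetchall()


def rejected(event: dict, conn: sqlite3.Connection) -> bool:
    """True if the hardened handler refuses the event; used to show the negative case."""
    try:
        hardened_handler(event, conn)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    db = seed_db()
    malicious = {"owner": "x' OR '1'='1"}   # constructed hostile event
    print("vulnerable returned", len(vulnerable_handler(malicious, db)), "rows")
    print("hardened rejected:", rejected(malicious, db))
```

Two things are worth noting in the hardened version. Validation happens on the event as a whole, not just the one field, because upstream event sources can be reconfigured to deliver fields the function never expected; and parameter binding is kept even though the regex already rules out quote characters, since the two controls fail independently.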
Confidential Computing
Confidential computing is positioned to mitigate cloud security issues such as malicious system administrators, vulnerabilities in the underlying cloud fabric, and third parties accessing data without consent. It relies on a trusted execution environment (TEE), a hardware-isolated enclave within the CPU that limits the exposure of sensitive data while it is being processed. The TEE is protected by keys embedded in the hardware and is isolated from all other software, including the operating system, the hypervisor and the cloud service stack, so that the data, and the keys that protect it, are accessible only to code that has been authorized, typically by checking a cryptographic measurement of that code. Any attempt to read enclave memory or keys from outside is refused by the hardware.
Confidential computing is gaining support across industries and is well placed to meet the demands of the next wave of cloud adoption. The Confidential Computing Consortium, formed in 2019 under the Linux Foundation, brought together AMD, Google Cloud, Intel, Swisscom, Tencent, IBM, Alibaba, Oracle, Baidu, VMware and many more, with the purpose of building a project community to define confidential computing and drive its adoption. Though still in its infancy, a maturing confidential computing stack will give companies greater assurance that their data stays protected and confidential in the public cloud.
In sum, despite the limitations noted above, we are optimistic that 2021 and the years after will bring innovation in the cloud security domain. Whether we call it "serverless", ZTNA or "confidential computing", the future is heading towards cloud computing.
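The phrase "keys only accessible to authorized code" is doing a lot of work in that paragraph, so here is an added example (not from the original article or from any TEE vendor's SDK) of the flow it implies: a relying party holds a data key and releases it only to code whose measurement it recognizes, after checking a fresh, authenticated attestation report. Real TEEs such as Intel SGX, AMD SEV-SNP and Intel TDX produce hardware-signed reports verified through a certificate chain; this simplified model uses an HMAC under a shared attestation key as a stand-in for that signature so the exchange runs offline. The measurements, key material and report fields are all constructed for the example.

```python
"""Attestation-gated key release, simplified (added example).

An HMAC under a shared attestation key stands in for the hardware signature
a real TEE would produce; all measurements, keys and report fields are
constructed for this example.
"""
import hashlib
import hmac
import os
from typing import Dict, Optional, Set

# Stand-in for the hardware attestation key. In a real TEE the verifier
# would instead hold the vendor's certificate chain.
ATTESTATION_KEY = b"stand-in for the hardware attestation key"


def measure(code: bytes) -> str:
    """Code measurement: a hash of the enclave binary, as TEEs compute over loaded pages."""
    return hashlib.sha256(code).hexdigest()


def enclave_report(code: bytes, nonce: bytes) -> Dict[str, str]:
    """What the enclave side hands back: its measurement bound to the verifier's
    nonce and authenticated, so the report is fresh and cannot be altered in transit."""
    m = measure(code)
    tag = hmac.new(ATTESTATION_KEY, m.encode() + nonce, hashlib.sha256).hexdigest()
    return {"measurement": m, "nonce": nonce.hex(), "tag": tag}


class RelyingParty:
    """Holds the data key and releases it only to attested, known-good code."""

    def __init__(self, trusted_measurements: Set[str], data_key: bytes):
        self.trusted = trusted_measurements
        self.data_key = data_key
        self.outstanding: Set[bytes] = set()   # nonces issued, not yet consumed
        self.used: Set[bytes] = set()          # nonces already accepted

    def challenge(self) -> bytes:
        """Issue a fresh nonce the enclave must bind into its report."""
        n = os.urandom(16)
        self.outstanding.add(n)
        return n

    def release_key(self, report: Dict[str, str]) -> Optional[bytes]:
        nonce = bytes.fromhex(report["nonce"])
        # 1. Freshness: the nonce must be one we issued and never accepted before
        #    (defeats replay of an old, once-valid report).
        if nonce not in self.outstanding or nonce in self.used:
            return None
        # 2. Authenticity: the tag must verify over measurement || nonce
        #    (defeats a forged measurement pasted onto someone else's report).
        expected = hmac.new(
            ATTESTATION_KEY, report["measurement"].encode() + nonce, hashlib.sha256
        ).hexdigest()
        if not hmac.compare_digest(expected, report["tag"]):
            return None
        # 3. Authorization: only code on the allow-list gets the key
        #    (a backdoored build has a different measurement and is refused).
        if report["measurement"] not in self.trusted:
            return None
        self.outstanding.discard(nonce)
        self.used.add(nonce)
        return self.data_key


if __name__ == "__main__":
    good_build = b"enclave v1"                     # constructed stand-in for a binary
    rp = RelyingParty({measure(good_build)}, os.urandom(32))
    n = rp.challenge()
    print("known-good code gets key:", rp.release_key(enclave_report(good_build, n)) is not None)
    print("replayed report gets key:", rp.release_key(enclave_report(good_build, n)) is not None)
```

The three checks are ordered deliberately: freshness first so a replayed report is discarded before any cryptography, authenticity second so the measurement field can be trusted, and only then the allow-list lookup. Dropping any one of them reopens a path for the "malicious administrator" the paragraph above mentions, who controls everything outside the enclave, including the network between it and the verifier.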