Forrester Research recently announced it’s annual predictions for the year. Among visions of new treasures from the cloud-native development ecosystem and high-performance computing were two predictions that resonated with me; soaring growth for the public cloud market (to a staggering $299.4 billion) and a call for better security when it comes to cloud management.
While I see both having a big part to play in 2020, I couldn’t help but notice their respective security blindspots. The public cloud is crucial for modern organizations looking to digitally transform their business, yet security in that area remains a hurdle - particularly when it comes to web applications.
With that increasing reliance on the cloud comes a need for significantly better cloud management. That being said, many organizations are only now waking up to the reality that the cloud is not a recreation of their personal environments and therefore requires a wholly different skillset to manage.
To confirm our own suspicions surrounding the future of the public cloud we recently surveyed over 850 security professionals from around the world, most of whom agreed and demonstrated a growing confidence in public cloud deployments.
Almost half (44%) believed public cloud environments to be as secure as their on-premises setup, with one fifth (21%) believing them to be even more secure. A majority 60% agreed that they are either ‘fairly’ or ‘very’ confident that their public cloud environment is secure.
This is to be expected as cloud providers are better equipped to run more secure infrastructure than the average organization could in-house, meaning, so long as they choose their cloud provider wisely, most organizations will benefit from the latest technology, accreditations and security standards.
That being said, the public cloud is far from a CIO’s security paradise. Many of the security professionals we surveyed admitted to being reluctant about where they would store their more sensitive data - over half (53%) would not store their customer information in a public cloud, while a similar 55% would not risk their financial data in such an environment.
Their reasons for caution? Many complained of the ongoing cybersecurity skills shortage (47%) as well as a lack of visibility (42%). Tellingly, more than half (56%) admitted that they have doubts about how compliant their cloud set-up is.
For peace of mind, when housing applications in the public cloud organizations should look to Web Application Firewalls (WAFs) to protect their apps. Even if the app in question is not expected to have outside visitor engagement, it can still be targeted and used as an attack vector.
Assuming an organization opts to trust the cloud with its data, the next step of the journey is the management of said cloud. As the cloud has matured, increasingly secure firewalls have become available that allow for improved protection of data travelling between on-premises and various cloud environments.
As this increased security naturally leads to more cloud deployments, a need to better manage those environments is created - and an on-premises mentality is not going to suffice. To keep up with this growing need, organizations must begin to harness ‘insider’ tools that talk to endpoints via API calls, manage available data closer to its source and pass it on to tools that don’t require additional intervention to decipher.
Better cloud management also translates to better visibility and therefore better security, though in reality many CISOs still struggle to see all aspects of their cloud strategy. This clashes with the freedom it offers developers, as CISOs slow their building in the name of remaining secure.
Security Information and Event Management (SIEM) tools that offer intricate reporting at speed do exist, though they are not a quick fix for this issue. Depending on the number of issues reported and areas that must be addressed, CISOs must then allocate time to implement these fixes - assuming they have the knowledge to do so. This is particularly true of SMBs that may not have the resources or skills to address these issues.
Thankfully, as we move into 2020, improved cloud security posture management (CPSM) tools are heading to market. These newer tools come with automatic remediation and orchestration and integrate reporting with an organization’s current SIEM tool to aid in potential threat alerts.
These new tools will be vital for organizations looking to have better visibility into their whole deployment, offering the ability to report from every endpoint without interfering with their cloud architectures. Organizations would be wise to speak to a trusted partner about finding the right tool to unlock their cloud management goals.
By utilizing a cloud security management solution, savvy organizations can not only avoid many security risks and failures, but also greatly simplify remediation and speed up investigations when those issues do arise.
As we begin a new decade, trust, confidence and the uptake of cloud computing will only rise - public or otherwise. If an organization is to succeed it must find the partners, knowledge and tools to overcome some of the longstanding hurdles that have previously impacted their cloud growth.