Continuing on with our series on the top trends we see for cybersecurity in 2022, cloud security is of utmost priority for almost all security professionals. Early on in the global COVID-19 pandemic, researchers noted a number of subtle yet significant changes in cloud usage patterns as businesses adapted to restrictions, supply chain issues and other societal and market-based exigencies.
For example, while spending on cloud resources increased overall, the mix of purchased services changed slightly – shifting a little toward more bulk purchases of instances, database and storage, and containers. Overall, though, analyst firm Gartner expects spending on public cloud services to grow to $480+ billion in 2022, an increase of more than 47% over 2020.
Hybrid cloud and multi-cloud deployments are also on the rise, especially given the region-wide blackouts that some cloud providers experienced last year. Enterprises have found it prudent to diversify their cloud presence in order to minimize any disruptions.
Malicious actors have noticed these trends too, however – and they’re actively looking for ways to compromise cloud resources. According to IBM and the Ponemon Institute, the share of data breaches caused by cloud misconfigurations is one of the top two threat vectors, equaled only by compromised credentials.
Given the increasing adoption of cloud services and the vastly expanded attack surface that it represents, we believe that cloud security is critical for cybersecurity teams to address in 2022.
A Changing Cloudscape
As noted in the CloudHealth report mentioned earlier, adoption of container technology is a major trend in cloud deployments, due in no small part to the agility and efficiency of these solutions. Unlike a VM, a container consumes only a small fraction of physical CPU that can be then dedicated to smaller, discrete tasks like running a specific application or code.
Container security has consequently become of increasing importance for IT and security teams. While many cloud service providers (CSPs) offer a degree of built-in security for containers, usually it is not integrated into the larger security infrastructure of the enterprise – which may render it far less effective against advanced persistent threats (APTs).
Security technology vendors like Hillstone have recognized the need for improved visibility within containers, for micro-segmentation of east-west traffic to protect against malicious lateral movements, and for scanning of container images for potential threats. Similar to solutions for securing the VM environment, container solutions must first be able to identify existing assets in the environment. If auto-asset discovery is available, that is a major plus. From there, the delineation of assets requiring protection and how must be clearly defined. Continuous optimization is key in ensuring the solution is constantly plugging up new holes and advancing. Vendors are rapidly evolving to address these and other needs specific to containers. You can read more about these recommended five steps of implementing micro-segmentation solutions here.
A Brighter Future for Cloud Security
Despite the challenges of cloud security, there’s every reason to remain optimistic. A number of solutions are already on the market that can help secure cloud deployments, and more will most certainly follow.
Case in point: ZTNA, or zero-trust network access, a relative newcomer to the security world. Zero-trust is a security concept that basically mandates, “never trust, always verify.” While typically thought of in terms of securing remote workers on the expanded service edge, ZTNA literally holds the potential to protect data everywhere – including the cloud. Hillstone, for example, applies a user-to-application, rather than network-centric, approach to authentication that extrapolates security into the cloud and makes scaling much easier.
An application of ZTNA can be found in micro-segmentation, a cloud workload protection platform (CWPP) that can help secure enterprise VMs in the cloud. Ideally, sufficient micro-segmentation solutions for the cloud would abide by the 5 steps implementation process to deliver visibility into east-west traffic between VMs and help block the lateral movements typical of multi-stage, multi-layer attacks.
By investigating and implementing newer cloud security technologies, security professionals can help protect critical resources wherever they reside. To read our previous blogs in this series, see our 2022 threat landscape predictions and our forecasts for AI and ML technologies. Learn more about Hillstone’s advanced security offerings by clicking the links above, or contact your local Hillstone representative or authorized reseller today!