By Murtaza Bhatia, Director – Cyber Security, NTT Ltd in India
The cloud now plays a pivotal role in every major digital transformation initiative, and this is only set to accelerate in the future. In 2023, as more businesses adopt the cloud, we will see a number of trends in cloud security that are currently emerging or are likely to become more important in the coming years. Some of the key trends include:
Cloud will increasingly be the foundation for ensuring security, with managing intelligence at its core: Given the increased scale and complexity of attacks, many organizations will shift to cloud-based delivery models for security as they realize that on-premises software will be incapable of maintaining the speed required in today’s hybrid environment. Research firm, Gartner estimates that the combined market for cloud access security brokers (CASB) and cloud workload protection platform (CWPP) will grow 26.8% to reach $6.7 billion in 2023.
The research firm also estimates that as remote working continues to be a preferred model in the future too, the demand for cloud-based detection and response solutions (endpoint detection and response and managed detection and response), will also increase in the coming years. The cloud will become the foundation for ensuring maximum security, and we will see more businesses transitioning to the cloud.
Multi-cloud environments will increase cloud security risks: The increased adoption of multi-cloud and hybrid cloud environments can lead to increased complexity in terms of security, as organizations will need to ensure that their security controls and policies are consistent across all of their cloud environments. A recent Forrester report substantiates this fact. The report from Forrester states that data security issues are amplified in multi-cloud environments. Forrester found out that complexity of multi-cloud environments was ranked the most significant internal challenge to cloud security. Further, as different cloud service providers have different operational and security controls amongst public cloud providers, this too has an impact on the overall security posture and in defending against security threats.
Cloud data sprawl can lead to security as well as compliance related issues: The relatively easy availability of cloud-based storage can lead to a data sprawl that is uncontrolled and unmanageable. In many cases, data which must be deleted or secured is left ungoverned, as organizations are not aware of their existence. In April 2022, cloud data security firm, Cyera, found unmanaged data store copies, and snapshots or log data. The researchers from this firm found out that 60% of the data security issues present in cloud data stores were due to unsecured sensitive data. The researchers further observed that over 30% of scanned cloud data stores were ghost data, and more than 58% of these ghost data stores contained sensitive or very sensitive data. If this data is not protected, then it can not only increase the threat of ransomware attacks, but also increase the risk of non-compliance with industry regulations such as HIPAA or PCI-DSS. This is further corroborated by a Cloud Data Security Report, which states that only 4% of respondents believe that their cloud data is sufficiently secured. In 2023, we expect this trend to accelerate, as more firms adopt cloud-based solutions.
Data breaches in the cloud will accelerate: The sheer volume of data that is today stored in the cloud has substantially increased the risks. Despite best practices advised by cloud service providers, data breaches that originate in the cloud have only increased. IBM’s annual Cost of a Data Breach report for example, highlights that 45% of studied breaches have occurred in the cloud. What is also noteworthy is that a significant 43% of reporting organizations which have stated they are just in the early stages or have not started implementing security practices to protect their cloud environments, have observed higher breach costs. Hence, unless, organizations take active steps to standardize and implement uniform security practices across their cloud environments, data breaches will only increase in 2023.
SaaS-based misconfigurations will lead to an escalation in security incidents: The popularity of SaaS-based applications has grown exponentially. However, the relatively easier adoption has also increased the attack surface area. In a recent SaaS security report done by the firm, Adaptive Shield with the Cloud Security Alliance, it found out that the number of SaaS misconfigured security related incidents could be as high as 63%, which looks huge when compared to 17% of security incidents caused by IaaS misconfigurations. Unless checked, this area looks extremely vulnerable in 2023, as there is relatively less awareness on SaaS-security.