By Lawrence Pingree
Gartner forecasts spending on cloud security to grow 24% in 2024, making it the highest growth of all segments in the global security and risk management market. This increased investment is necessary as the continued shift to cloud unlocks new and more attack opportunities. In fact, Gartner predicts that by 2027, investigations involving cloud/third-party infrastructure will rise from an unstructured activity to more than two-thirds of reported incidents.
Chief Information Security Officers (CISOs) need to be ready for the evolving security management landscape as cloud security technologies continue to emerge.
Why Is Cloud Security Spending on The Rise?
Gartner predicts that by 2027, more than 70% of enterprises will use industry cloud platforms to accelerate their business initiatives, up from less than 15% in 2023. With this increased use of cloud, organizations must invest more in technology to protect their data, applications, and infrastructure services.
Cloud security technologies are involved in a myriad of public and/or private functionalities that include authentication, authorization, encryption, workload security and access controls. The security around cloud technologies also address compliance and regulatory requirements for threat detection, risk management, auditing, monitoring and the long-term logging, artifact storage and analysis of activities for security use cases.
CISOs must look to emerging technologies in cloud security to align with the rest of the enterprise. This includes being focused on addressing the advancement of more sophisticated threat resilience, data integrity, data security and runtime isolation.
By investing and adopting new technology strategies and staying abreast of the latest emerging trends in cloud security, CISOs can safeguard their data and applications against evolving threats, ensuring the long-term security of their cloud infrastructure.
How Can CISOs Effectively Deal with The Unique Challenges of Cloud Security?
Cloud-based applications are often more vulnerable to attacks due to their exposure to a wider range of potential threats, including insider threats and data breaches. The use of containerization technologies in cloud environments can make it easier for attackers to exploit vulnerabilities and gain access to sensitive information. This has led to increased investment in solutions such as cloud-native application performance platforms (CNAPP).
CNAPP offerings deliver an integrated set of capabilities spanning runtime threat detection, visibility and control, posture management capabilities, software composition analysis capabilities, and workload security features.
The impact of solutions such as CNAPP tools is high because of the relatively strong value propositions these tools have for consolidating various security needs. By leveraging CNAPP tools, organizations can both accelerate their speed of delivery for new code improvements for their product or service offerings, while continuously managing and validating their cloud infrastructure, and guard against threats emerging in cloud environment runtime environments (including hackers, malicious code or insider threat risks).
CNAPP products continue to evolve with progressive features focused on data security, generative AI (GenAI) posture assessment use cases and multi cloud configuration monitoring.
How has GenAI affected spending on cloud security?
With GenAI still relatively new to the enterprise, forward-looking CISOs must recognize that the future of the technology is still very uncertain.
For instance, the Gartner Emergence Cycle for Cloud Security (see Figure 1) highlights observed cloud security innovations, including core technology developments and interesting new uses of the technologies. It represents the development of technology innovations from ideation through R&D and into early productization.
Figure 1: Emergence Cycle for Cloud Security
Source: Gartner (June 2024)
AI-focused cloud security measures, such as AI configuration monitoring, are in the initiation stage, but still vital to CISOs long-term plans. Specifically, AI configuration monitoring refers to a set of emerging security technologies and trends aimed at enhanced monitoring of the configuration of security policies. IT acts as a natural extension of posture control, security and operational management for AI- and ML-related cloud, identity and infrastructure technologies.
From a market perspective, the growth potential for AI-related cloud security measures, such as AI configuration monitoring, is highest in regulated industries, such as government, financial institutions and healthcare that are driven by security and trust mandates and are oriented to buyers who desire to operate their own AI systems and models.
Gartner analysts will discuss more topics related to cloud security at the Gartner IT Symposium/Xpo conference, taking place November 11-13, in Kochi, India. Media registration can be booked via [email protected].
(The author is Lawrence Pingree, VP Analyst at Gartner, and the views expressed in this article are his own)
