Of the many things that caught the headlines in 2019, the Capital One data breach probably garnered the most attention in the tech world. Not just because of its scale and breadth (it reportedly affected 106 million North Americans), but the incident once again put cloud security right back in the spotlight. The breach happened at a crucial time when the financial services giant was drastically cutting down its data center footprint to completely migrate to the cloud by 2020.
This and many other data breach incidents come at a time when cloud has risen to be the most secure destination for organizations to move their business-critical data. Setting aside the initial apprehensions and perceptions around cloud and security, organizations have embraced cloud as the foundational technology that supports all their key transformation initiatives.
Are data breaches a setback in the progress of cloud adoption ? Definitely not. If anything, these incidents only bring some relevant questions around cloud security to the fore. More than 80 percent of enterprise workloads are expected to move to cloud in 2020, with investments around cloud predicted to skyrocket in the oming months. As organizations move to hybrid and multi-cloud environments, the need to establish more consistent cloud security policies will increase.
Here’s how cloud security will further evolve and mature in 2020:
Perimeters will blur
Corporate network perimeters are going to continuously fade, as more and more applications move to the cloud and users become more mobile. For the same reason, a security strategy that focuses on protecting a pre-defined perimeter will increasingly become irrelevant in the coming days. The enterprise workloads running on the cloud has already surpassed those running on premises. And, users are accessing what they want through mobile devices, mobile networks—sitting in airports and coffee shops.
As internet becomes the new corporate network, organizations will also relook at the way they have so far approached identity, access, restrictions and privilege.
Firewalls aren’t going away
Most of the leading cloud applications today come with built-in security. However, there is a huge gap between ‘most’ and ‘all’. Some applications may not have the kind of extensive security features that popular applications offer. At the same time, organizations can no longer look at routing all the traffic through a centralized firewall, owing to latency, poor user experience etc. Traditional network appliances will thus likely take a back seat as cloud firewalls rise in prominence in 2020. Organizations will largely go with such software-defined firewalls for connecting the right user to the right app.
Shared responsibility on cloud
Public cloud service providers are making huge investments to ensure that the cloud is secure, due to which many experts argue that public cloud is actually secure than what can be achieved on premise. Does that mean the cloud providers entirely responsible for their customers’ security? The discussion around ‘shared responsibility for cloud security’ has been firming up in recent times. According to Gartner experts, through 2020, 95 percent of cloud security failures will be the customer’s fault—which puts customers equally in charge of their cloud data. In the coming days, we will see user organizations taking equal responsibility of security in the cloud, with more comprehensive and clear policies.
Security analytics delivered from cloud
The complexity associated with on-premise SIEM (security information and event management) will drive the need for more flexible cloud-based models in 2020. For years, organizations have been leveraging this technology to get real-time analytics on security alerts. But as IT environments become more disparate and hybrid cloud models come into picture, an on-premise model will fall short in many aspects. With security data volumes growing massively, organizations will increasingly look at cloud alternatives.
Summary
Cyber threats will continue to intensify. Attackers are increasingly going after corporate data stored in the cloud. This certainly introduces new attack surfaces and vulnerabilities for organizations. However, the move to cloud is inevitable and is not something that organizations are willing to deprioritize for security or any other reasons. In 2020, CIOs and CISOs will re-examine their risks and protection strategies in a significant way to stay ahead of the game.
(Disclaimer: The author is Co-founder and CEO, Rapyder Cloud Solutions and views expressed here are his own)