In 2022, we saw explosive transitions in the cloud security market - every aspect of the ecosystem, including vendors, products, and infrastructure went through a sea change. It gave birth to new categories like data security posture management (DSPM), established vendors jumping to announce cloud data lakes like AWS Security data lake, and vendors going through turmoil, like KnowB4 being acquired by Vista Equity for $4.3B.
As we look forward to 2023, cybersecurity for workloads (e.g. VMs, containers, and services) in public cloud will continue to evolve, with customers trying to balance the need for aggressive cloud adoption and compliance with corporate security needs. CIOs and CISOs will challenge their teams to build the foundation for a security platform that can consolidate point products, support multiple clouds (AWS, Azure, and GCP), and deliver automation to scale security operations. A zero trust architecture will lead the way to real-time data protection, centralized policy enforcement, and protection of workloads in the cloud.
What to expect:
Generative attacks will become targeted and personalized. Adversaries will benefit from rapid innovation in AI-powered botnets and a reduction in cost of cloud compute resources.
Automation and machine learning are empowering cybercriminals to launch attacks that are sophisticated and targeted to a particular organization, resource, or individual. Scripted botnets can conduct network reconnaissance on cloud infrastructure and valuable data can be harvested and used to launch further attacks. Malware packages are becoming a commodity with automated tools readily available where the level of abstractions have transitioned even the unimaginative minds to become lethal. For example, ChatGPT, which has taken the tech world by storm, can use machine learning to autoscript malware. A cyberthreat researcher who goes by the pseudonym @lordx64 on Twitter has an example of a malware that ChatGPT was able to auto-generate—the malware used PowerShell to download ransomware using an obfuscation script, encrypt all the files, and exfiltrate the key to google.com.
Centralized security posture (to configure, enforce, and remediate) will become the norm to tackle workload sprawl in public clouds.
Misconfigurations due to human error is the biggest root cause of cyberattacks. Many of these attacks use techniques, such as code injection and buffer overflow attacks, to pry into the weak configurations. With cloud-enabling workloads spun up and down frequently, configuring security policies at individual firewalls at every VPC (or a trust zone) opens the door for human error. Customers will increasingly look for architectures that can centralize their cloud security policy definitions, enforcements, and remediations. Cyber defense can only be applied to all workloads if cyber prevention is delivered from one central platform.
Adoption of zero trust to protect workloads in the public cloud will gain momentum.
Zero trust will see widespread adoption to protect assets by enforcing an explicit trust framework for all assets in the public cloud. Before a workload in a public cloud can make a request to access a resource, it will have to go through an extensive check of trust—one that combines identity, device risk, location, threat intelligence, behavioral analytics, and context. Upon successfully establishing an explicit trust, the resource will then be subjugated to corporate security posture for access controls.
CIOs' appetite to hedge their bets across AWS, Azure, and GCP will dictate the implementation of security tools that can span multi-clouds.
When it comes to vendor best practices, CIOs are increasingly looking at a diversified portfolio of public cloud infrastructure for multiple reasons - reducing reliance on a single vendor, integrating infrastructure inherited from mergers and acquisitions, leveraging best-of-breed services from different public clouds such as using Google Cloud BigQuery for data analytics, AWS for mobile apps, and Oracle Cloud for ERP etc.
Fig. AWS framework for shared responsibility to protect cloud resources.
Every cloud vendor preaches the notion of “shared responsibility” when it comes to cybersecurity, putting the onus on the customer to implement a security infrastructure for their cloud resources. Savvy IT shops ensure that they pick a cybersecurity platform that can support multiple public cloud environments. Customers cannot possibly entertain the idea of separate security tools for each public cloud. They will standardize one platform for all their needs.
Real-time data protection is a core selection criteria for data governance and data security in the cloud.
Securing sensitive data such as PHI, financial information, patents, corporate confidential data, PII, and other intellectual property is a herculean task when data moves to the cloud. Legacy DLP architectures that rely on regexes, scans, and static rules are insufficient and ineffective when it comes to data loss prevention in the cloud. The rise of the Data Security Posture Management category has provided the much-required visibility into the need for observability and real-time analysis. Proxy-based architectures that can decrypt SSL traffic to inspect all the traffic will become a cornerstone for enterprises that truly care about protecting their sensitive data.
Migration to the cloud is not a new trend in the corporate world. But the implications of cybersecurity for cloud workloads continue to be an evolving prerogative. While there are no clear answers yet, there are a few leading indicators that customers will navigate toward in 2023. Practical deployments of zero trust concepts will take center stage in the cloud environments.
Interested to learn more about zero trust and cloud workloads? Click here for Zscaler’s perspectives.
This blog is part of a series of blogs that look ahead to what 2023 will bring for key areas that organizations like yours will face. The next blog in this series covers data protection predictions for 2023.