This post by David Bisson originally appeared in SecurityIntelligence, January 18, 2022.
Many organizations have cloud security on their minds going into 2022. In April 2021, for instance, Gartner predicted that global end-user spending on cloud management and security services would reach $18 million the following year. That’s a growth of 30% over the previous two years.
The forecasts discussed above raise an important question. Where exactly will these businesses and agencies be committing their cloud security spending in 2022? There are three trends to watch over the next 12 months. Keep an eye on cybersecurity mesh, hybrid and multi-cloud environments and cloud-native tools and platforms.
Cloud Security Trend #1: Cybersecurity Mesh
In its list of top strategic tech trends for 2022, Gartner defined cybersecurity mesh as “a flexible, composable architecture that integrates widely distributed and disparate security services.” It provides a means of verifying identity, context and policy adherence across all relevant environments, including the cloud. As such, it’s smart to use a cybersecurity mesh architecture as part of broader defensive approaches.
Niel Harper, a CISO, agrees.
“The goal would be to move perimeters encapsulating data centers to … identities and objects that are not on-premises or on the same network — specifically, users accessing objects from anywhere, anytime and with a variety of device form factors,” he said. “It also enables organizations to bring cloud services into their zero trust architecture and employ adaptive access control with more granular analyses of both subjects and objects.”
To put this in place, invest in a series of controls. These can help to bring zero trust, cloud security and other plans together. Harper pointed out two key cloud-related measures — cloud access security brokers and cloud infrastructure entitlement management. Endpoint detection and response and multi-factor authentication also fit in here, among others.
Trend #2: Hybrid and Multi-Cloud Environments
Cybersecurity mesh and other defense solutions advance more than just zero trust. They can also help to secure hybrid and multi-cloud environments.
Businesses and agencies are turning to these types of strategies more and more. Take the hybrid cloud, for example. Cofense reported that 90% of organizations will be using these to meet their needs by 2022. What that might look like could vary. For some, it could involve a mix of public and private cloud services. For others, it could consist of both in-cloud and on-premises assets. Others might use both.
It’s a similar story with the multi-cloud, a strategy that includes more than one cloud service. In a survey of IT leaders, 95% of respondents said they’re making multi-cloud a strategic priority for their businesses in 2022. About the same percentage (96%) reported that security was top of mind. But only 54% said that they were highly confident in the tools or skills they needed to execute that defensive program. Even more than that (76%) of respondents said that they didn’t feel that their group had invested enough in their multi-cloud project, leaving them ill-prepared to defend against digital threats.
This lack of funding makes another issue worse. That is, the hybrid cloud and multi-cloud environments introduce security challenges. They increase complexity, which reduces visibility.
In response to those obstacles, consider third-party cloud marketplaces such as the AWS Marketplace. These resources can help to provide security teams with software and services that they can use in the cloud.
Trend #3: Cloud-Native Tools and Platforms
Gartner also highlighted the importance of cloud-native platforms for 2022. These empower businesses and agencies to build application architectures that make the most of the cloud. After all, you can’t protect cloud assets the same way as on-premises resources. Internal teams protect the latter. That’s not true for the former, as the shared responsibility model dictates that infosec personnel provide security ‘in’ the cloud only. The cloud service provider is responsible for the security ‘of’ the cloud or safeguarding the physical hosts, network and infrastructure that run the cloud services. This division limits the degree of control that internal teams can have over security efforts.
To make the most of cloud-native tools and platforms, understand what part of the defensive perimeter belongs to you. Then, get the right tools for it. If you don’t, you could leave your business or agency exposed to threat actors who exploit vulnerabilities and misconfigurations in the cloud. This could also make it more costly to recover from a cloud security incident if and when one occurs. Hence the advantage of working with strategic vendor partnerships that bring security and visibility together.
Why Is Cloud Security Important for 2022?
Businesses and agencies will likely be moving more services to the cloud in the coming year. According to ITProPortal, 28% of spending in key IT segments will migrate to the cloud in 2022. This increase in cloud-based services will affect $1.3 trillion in IT spending.
In response, business leaders need to pay attention to securing their cloud-based services. Cybersecurity mesh, multi- and hybrid-cloud security strategies and cloud-native tools can help them to do that.
About InfoSystems
For over 25 years, InfoSystems has provided reliable IT solutions to build and maintain strong and secure systems for both SMB and enterprise organizations. Headquartered in Chattanooga, TN, our trusted team of experts specialize in traditional infrastructure, IT optimization and cybersecurity services, as well as next gen solutions such as hybrid cloud and automation, from partners such as IBM, Red Hat, Dell Technologies, Microsoft and VMware.
