In 2022, we saw explosive transitions in the cloud security market — every aspect of the ecosystem, including vendors, products, and infrastructure, went through a radical change. It birthed new categories like data security posture management (DSPM), saw established vendors jumping to announce cloud data lakes like Amazon Security Lake, and put vendors through turmoil, like KnowBe4 being acquired by Vista Equity for $4.3 billion.
As we look forward to 2023, cybersecurity for workloads (virtual machines, containers, services) in the public cloud will continue to evolve, with customers trying to balance the need for aggressive cloud adoption and compliance with security needs. Chief information officers (CIOs) and chief information security officers (CISOs) will challenge their teams to build the foundation for a security platform that can consolidate point products, support multiple clouds (AWS, Azure, and GCP), and leverage automation to scale security operations. A zero-trust architecture will lead the way to workload protection in the cloud, real-time data protection, and centralized policy enforcement. Here’s a deeper dive into how these five dynamics will make their presence felt in 2023 with public cloud workloads.
Generative Attacks Will Become Targeted and Personalized
Automation and machine learning empower cybercriminals to launch sophisticated, targeted attacks. Scripted botnets can conduct network reconnaissance on cloud infrastructure, and valuable data can be harvested and used to launch further attacks. Malware packages are becoming a commodity, with readily available automated tools in which the level of abstraction enables even unimaginative minds to become lethal. For example, ChatGPT, which has taken the tech world by storm, can use machine learning to auto-script malware.
Cyber threat researcher @lordx64 shared an example of malware auto-generated by ChatGPT. The malware used PowerShell to download ransomware using an obfuscation script, encrypt all the files, and exfiltrate the key to google.com.
Centralized Security Posture Will Become the Norm to Tackle Workload Sprawl
Misconfigurations due to human error remain the biggest root cause of cyberattacks. Many attacks use techniques such as code injection and buffer overflow to prey on weak configurations. With the cloud enabling workloads to be spun up and down frequently, configuring security policies at individual firewalls at every virtual private cloud (or a trust zone) opens the door for human error.
Organizations will increasingly look for architectures that can centralize cloud security policy definitions, enforcements, and remediations. Only when cyber prevention is delivered from a central platform can defense be applied to all workloads, instead of just a few select ones.
Zero Trust For Workload Protection Will Gain Momentum
Zero trust will see widespread adoption to protect assets by enforcing an explicit trust framework for all assets in the public cloud. Implementing zero trust in the public cloud is different and unique because customers are dealing with ephemeral and dynamic resources. Zero-trust platforms that were architectured for the cloud can bring down cost overruns and complexity. Before a workload in a public cloud can request a resource, it must go through an extensive trust check — one that combines identity, device risk, location, threat intelligence, behavioral analytics, and context. Upon successfully establishing explicit trust, the resource will then be subject to corporate security policy for access control.
CIOs Will Look For More Effective Multicloud Security Tools
When it comes to vendor best practices, CIOs are increasingly looking at diversified portfolios of public cloud infrastructure for three main reasons. For one, they want to reduce reliance on a single vendor. Many are also looking to integrate infrastructure inherited from mergers and acquisitions. And CIOs need to leverage best-of-breed services from different vendors, such as Google Cloud BigQuery for data analytics, AWS for mobile apps, Oracle Cloud for ERP, for example.
Every cloud vendor preaches the notion of “shared security responsibility,” putting the onus on the customer to implement a security infrastructure for their cloud resources. Savvy IT shops ensure they pick a cybersecurity platform that supports multiple public cloud environments.
Real-Time Data Protection Will Be a Core Criterion for Cloud Data Governance, Security
Securing sensitive data such as protected health information, personally identifying information, financial information, patents, confidential corporate data, and other intellectual property is arduous when data moves to the cloud. Legacy data loss prevention (DLP) architectures that rely on regexes, scans, and static rules are insufficient and ineffective for DLP in the cloud.
The rise of the data security posture management category has provided critical visibility into the need for observability and real-time analysis. Proxy-based architectures that can decrypt and inspect all SSL traffic will become a cornerstone for enterprises that truly care about protecting their sensitive data.
Migration to the cloud is not a new trend in the corporate world, but the implications of cybersecurity for cloud workloads are still evolving. While there are no clear answers yet, these are some of the leading indicators customers will use to navigate in 2023.
Read more Partner Perspectives from Zscaler.