Forecasting the cloud security landscape in 2020
Every year, threat actors evolve the tactics, techniques, and procedures (TTPs) they use to exfiltrate customer, company and partner data, interrupt business operations, implant ransomware, and more. In fact, cybercrime damage costs are predicted to hit $6 trillion annually by 2021, according to research from Cybersecurity Ventures. In 2020, as cybercriminals refine their methods, we will continue to see a plethora of breaches caused by a common vulnerability: misconfigurations.
Despite organizations running an average of 40 percent of their workloads in the public cloud, most companies fail to recognize that the risk of misconfiguration in the public cloud is higher than the risk in traditional IT environments. In the new year we will also see a greater focus placed on identity in cloud security, which is easier said than done, since approaches that worked in traditional data center environments do not translate to the cloud.
New Year, New Threats.
As companies continue to invest in new technology, we will see the introduction of new and advanced tactics, techniques, and procedures from malicious third parties that seek to either exfiltrate critical customer, company, and partner data or even interrupt or disable business operations. Companies often make the costly assumption that they will be safe from threats just by investing in additional security tools for every new technology or service that they adopt. This piecemeal approach to security is both extremely expensive and inefficient. In fact, since we don’t know what the most pertinent threats will be a year from now, the best approach is for companies to invest in holistic security solutions that can evolve and scale with a company over time.
Cloud misconfigurations will continue to cause massive data breaches.
As enterprises continue to adopt cloud services across multiple cloud service providers in 2020, we will see a slew of data breaches caused by misconfigurations. Due to the pressure to go big and go fast, developers often bypass security in the name of innovation. All too often this leads to data exposure on a massive scale, such as the First American Financial Corporation’s breach of over 885 million mortgage records in May. Companies believe they are faced with a lose-lose choice: either innovate in the cloud and accept the risk of suffering a data breach, or play it safe with existing on-premises infrastructure and lose out to more agile and modern competitors. This, however, is a false choice. In reality, companies can accelerate innovation without loss of control in the cloud. They can do this by leveraging automated security tools that give organizations the ability to detect misconfigurations and alert the appropriate personnel to correct the issue, or even trigger automated remediation in real time. Automation also grants enterprises the ability to enforce policy, provide governance, impose compliance, and provide a framework for the processes everyone in the organization should follow, all on a continuous, consistent basis. Companies can innovate while maintaining security; they simply must adopt the proper cloud strategies and solutions.
IAM is the new perimeter, and it is harder than you think.
Everything in the cloud has an identity, and the relationships are complex, so scoping to least privilege or adopting zero trust sounds great, but is really difficult to do. In 2020, security professionals are going to realize that identity and access management (IAM) is an area where they can lose control rapidly, and it is very hard to take back. Approaches and strategies from the data center world don’t transfer, and companies need to rapidly invest in the process and in supporting tools (including automation) to stay ahead in this complex landscape. The repercussions of poor IAM governance are substantial and sometimes unpredictable. For example, a former AWS employee was able to access over 100 million Capital One customers' records by bypassing a misconfigured web application firewall and performing privilege escalation, and as a result obtained access to a swathe of customer information.
What these predictions mean
Next year, new threats, the continued onslaught of misconfigurations, and the challenge of managing identities in the cloud will present both threats and opportunities for companies. Organizations must recognize that they do not have to choose between innovation and security. The truth is that businesses can continue to reap the benefits of cloud and container infrastructure all while remaining compliant and secure. They can do this by adopting holistic security approaches that leverage automated solutions and can scale with the enterprise over time, guaranteeing that threats are either brought to the attention of the appropriate personnel or remediated, all in real time.
Chris DeRamus is the co-founder and CTO of DivvyCloud where he leads the engineering teams while driving new innovation. DeRamus is a technical pioneer whose passion is finding innovative and elegant new ways to deliver security, compliance, and governance to customers running at scale in hybrid cloud environments. He keeps his hands dirty and spends much of his time writing code and diving deeply into the latest technologies and services being deployed by partners like Amazon, Microsoft, Google, VMware, and OpenStack.