It is fascinating to take a step back and look at how “the cloud” has grown over the past two decades. Many innovations have sparked a new wave of technology – from the boom in serverless technologies (allowing businesses to scale and build platforms at speeds never seen before) to the evolution of home automation security. cloud.
These innovations have enabled organizations to improve their business agility and reduce costs; but they’ve also increased the attack surface, as a recent report from IDC shows, which points out that 98% of organizations have experienced at least one cloud security breach in the past 18 months.
Based on these variables, below are the top cloud security trends expected to emerge in 2022.
The growth of serverless
We are seeing more and more organizations adopting a serverless architecture in their platforms. This translates not only into using the FaaS (Function as a Service) services of cloud service providers, but also exploring the wide range of serverless offerings available. With the introduction of new serverless offerings every quarter, it is so important to understand the potential risks that can arise.
For example, AWS Pinpoint is an AWS service that offers email, SMS messaging, and marketing that is easy to set up and start integrating with Lambda, API Gateway, and more. With a myriad of integration options and features, it’s important for application developers and the cloud IT team to understand what the security setup would look like and the potential risks associated with these tools.
We are also seeing things like “distributionless” architectures being used to have more control over FaaS architectures on multiple CSPs. With the increased control over these types of architectural decisions comes a new way of thinking about security. We have our eyes set on these new models and are looking to think about security when more serverless services are used. For the coming year, we’re keeping a close eye on serverlessness and how best to secure it, while improving efficiency and mitigating risk.
More and more organizations are starting to fully embrace Infrastructure-as-Code (IaC) to create fully autonomous cloud environments. From a security perspective, ensuring that the supply chain from code to production is protected and monitored is becoming a growing concern for organizations. We see tools in this space starting to mature and new strategies are being implemented. For example, you can do things like pre-validate configurations and architecture, making sure your architecture and code are compliant and secure before you even go into production. Over the coming year, we hope to see more third-party tools and cloud-based native services to better support the entire supply chain.
Multi-cloud strategies are here to stay – and many companies are choosing the technologies best suited to their platforms while building resilient architectures that use multiple cloud service providers. We will soon see this adoption model mature with multi-cloud security practices and tools. Additionally, we see “multi-cloud” enveloping edge computing, which will continue to expand into factories, as well as branch offices and private data centers. We are monitoring the growth of this field and developing new ways to adopt a multi-cloud strategy for organizations.
The lines between the application developer and the infrastructure engineer have become very blurred. Developers create cloud architectures based on the services they try to use, or build new infrastructure from their code base. Cross-functional teams are starting to work together to think about how security plays a role in this new way of thinking. We discovered potential new attack vectors and security configurations that helped customers understand the impact. We see this trend continuing.
Over the past year, we’ve seen a dramatic increase in breaches using SaaS platforms. Along with this increase, we have also seen the growth of SaaS security offerings and tools in response. One of these areas is SaaS Security Posture Management (SSPM) tools.
PMSCs help organizations delve into their overall SaaS portfolio to ensure they are keeping the pulse of the business while staying in compliance. In 2021, we saw these SSPMs adopt around ten platforms, but in 2022 we will see a significant increase in the number of SaaS platforms supported by these tools. Organizations are starting to create a stronger SaaS security program that can span their entire portfolio, from onboarding and validating cloud-based providers to monitoring and alerting SaaS providers in their ecosystem. .
Dynamic access policies with attribute-based access control (ABAC)
ABAC uses beacons to dynamically determine access permissions. For example, if I have a “project” tag, I can build a policy that grants permissions if the value of the “project” tag on the principal matches the value of the same “project” tag on the resource or the target environment. This enables more scalable and reusable policies, simplifying management and improving authorization segregation. While many cloud service providers have yet to implement this new approach across all services (while minimizing its usefulness), we are excited to see how this new approach grows in its adoption and support across the board. during the coming year.
With more organizations using home and hybrid work environments and moving workloads and data to the cloud, securing cloud-enabled infrastructure must be built in from the start. The cloud is a catalyst for business productivity, but it must be used with a security-focused approach to minimize risk while advancing productivity.