Ahmed Aburahal, Technical Product Manager at Integrity360, explores how the cloud landscape has changed over the past year, and what this means for the digital transformation strategies of the future.
Organisations are increasingly adopting cloud-native application architectures to stay agile and competitive. In fact, by 2025, an estimated 95% of new digital workloads will be deployed on cloud-native platforms. However, this shift brings a new set of challenges that can jeopardise security, efficiency, and visibility – and we’re also beginning to see the potential impact of doing so without a security-first migration or deployment strategy.
Concerns have been growing over the past year with respect to cloud, its cost and suitability. These have been triggered by a number of developments from high profile cloud data breaches, to increases in cloud storage costs and the ramp up of regulations, all of which are causing some to reconsider where their data is housed.
According to Flexera’s State of the cloud report 2023, cost is the number one concern with cloud. Organisations are spending significantly on cloud platforms and supportive security, yet the economic gains that they anticipated are struggling to materialise in many cases.
Cloud misconfiguration
Alongside these concerns is a worrying projection that 99% of cloud breaches will result from user misconfigurations, with 75% attributed to inadequate permission management.
Organisations are willingly storing customer, employee and operational data on misconfigured cloud servers, allowing anyone with a bit of know-how to access it. There are now more compromised records (7.7 billion) that we know about than there are people in the world (7.5 billion), according to Have I Been Pwned, a data breach registry service.
Ransomware, cryptojacking and phishing are the threats that businesses are told to actively defend against if they want to keep their data secure, but it’s time to add cloud security to that list. Misconfigured and publicly accessible servers have become a valuable source of customer data and company secrets, yet it takes a fraction of the effort to compromise them compared with the likes of a malware attack.
There have been several high-profile cloud breaches in the past few years. In fact, in June of 2023, automaker Toyota revealed that roughly 260,000 customers’ data was exposed due to a misconfigured cloud environment. Further, the 2023 Thales Cloud Security Study revealed that 39% of businesses experienced a data breach in their cloud environment in the last year.
Addressing these issues requires a strategic approach to ensure your cloud environment is both secure and optimised.
Are you cloud ready?
Where it was thought that there would be a logical and continuous shift away from on-prem to the cloud, this transition is now not as certain as it once was.
Organisations face significant obstacles in public cloud security, including visibility gaps in dynamic workloads, user access, and configuration changes. With so many different services and so much information running through the cloud, unsecured data is bound to slip the net at some point.
As a result, some organisations are moving data storage and operations back on-premise or to private clouds – or even adopting hybrid multi-cloud models. However, many of these challenges can be addressed with the right security processes in place, avoiding the additional costs, complexity and security risks.
A good starting point is cloud readiness and cloud security assessments, which are pivotal in helping companies maintain a security-first IT mantra, and they’ll only become more valuable as time goes on.
The rise of the CNAPP
From a security perspective, organisations can also embrace Cloud-Native Application Protection Platforms (CNAPPs) – a consolidated security solution that amalgamates functions from several standalone technologies.
CNAPP ensures enhanced visibility and risk management, protects cloud workloads and identities, secures the application lifecycle, and integrates security controls. Its modular approach is designed to meet enterprises at their current stage of cloud adoption, addressing immediate needs while planning for future objectives.
Managed security services for the cloud
Additionally, cloud managed services safeguard against advanced threats and ensure secure access to web, cloud, and on-premises resources.
Managed cloud services are designed to alleviate the challenges of adopting public cloud, SaaS, and hybrid workforce models, ensuring your cloud configuration follows the right guidelines and secures your cloud workloads, identities and applications from anywhere, any user, and any device.
We are seeing a shift to more hybrid models, but repatriation to on-prem or a cloud exodus is certainly not on the cards just yet. Instead, where organisations had previously rushed their move to the cloud to digitise their business, the setbacks they have faced have allowed them to readdress their digital transformation strategies, turning security from a barrier into an enabler as they take on a more streamlined strategy.
By employing managed services and consolidating security solutions into a single, cohesive platform, it eliminates the complexity and visibility gaps that often plague organisations using siloed solutions. Digital transformation strategies can then simply evolve to better incorporate cloud technology into a more practical solution that includes existing, pre-integrated and secure infrastructure.
