Cloud momentum continues unabated, and enterprises taking advantage of its benefits are moving more critical functions to the cloud. Enterprises that have not migrated will evaluate whether to make the move to take advantage of the capabilities and cost savings of leveraging cloud resources. Cloud security worries continue to be a concern for those looking to leverage cloud-based solutions; recent breaches emphasize the need to understand the shared responsibility model, security best practices, and the types of threats that must be mitigated to ensure secure cloud deployments. New technologies both enable — and challenge — efforts to secure the cloud; the compliance landscape also continues to get more complex and convoluted for companies already trying to play compliance Jenga in a regulation-happy world. Look for these trends to dominate cloud security in 2019:
- Artificial Intelligence (AI): As enterprises take advantage of AI to augment skillsets and become more efficient, they (and the industry at large) will begin to take a more serious look at how it both interacts with and impacts security tools. Look for organizations to expand the use of AI to address security challenges by developing their own solutions or leveraging third-party services/tools with embedded AI and Machine Learning algorithms. More organizations are willing to experiment with AI for security due to the increasing availability of pre-built models and managed AI services. Frequent breaches against these same corporations also contribute to new investments in AI that can assist in developing adaptations to keep ahead of breach attack patterns. The outcome is more automated detection and response to vulnerabilities and threats.
- Automation: To leverage the full benefits of the cloud, many companies will realize success by implementing a multi-phased security automation and orchestration (SAO) approach to continuous integration/continuous deployment (CI/CD) that includes compliance and security checks prior to implementing new deployments in production environments. Emerging SAO offerings leverage reference architectures that exist as infrastructure as code (IaC) and align with compliance frameworks and security best practices, providing cloud users with a quick and repeatable way to update and/or deploy compliant and secure cloud-based infrastructure. Both cloud-agnostic solutions (such as Terraform) and platform-dependent services (such as AWS CloudFormation, Azure Resource Manager, and Google Deployment Manager) support IaC within their respective platforms. Once the infrastructure foundation is deployed, engineers will layer in additional code, scripts, and application functionality using a host of DevOps tools to deploy, harden, and configure remaining infrastructure that could not be achieved solely using IaC.
- States taking control: 2018 saw a move toward both compliance and privacy being addressed at the state level: Examples include Arizona’s AZRamp program for their government cloud deployments and California’s Consumer Privacy Act. More states may follow suit, particularly as privacy issues are brought to the forefront by high-profile data breaches and corresponding lawsuits, such as the recent breach of Marriott’s Starwood-branded hotels, which affected nearly 500 million users and prompted legal action. Enterprises will need to navigate both the current and emerging complexities of state-required cybersecurity and privacy requirements. Breach notification laws vary by state in applicability, scope, and notification requirements. Organizations should perform gap assessments to determine the scope of the information they must protect and the security and compliance postures of the systems hosting this data.
- Security as a differentiator: Compliance does not always equate to comprehensive security; however, compliance is one measure of the maturity of an organization's security program. In 2019, look for more organizations to promote their security assessment and compliance activities to endorse their product’s or system's security posture. The more rigorous the framework (or combination of frameworks), the more advantageous for differentiation: thus, we predict that enterprises will leverage compliance with the most rigid security compliance frameworks, such as the Federal Risk and Authorization Management Program (FedRAMP) and Information Security Registered Assessors Program (IRAP), as key differentiators. Many will also layer on alignment with National Institute of Standards and Technology (NIST) requirements and compliance frameworks (or components of it relevant to their organizations) on top of existing compliance certifications (e.g., ISO 27001 or SOC) to further demonstrate the maturity of their security programs, continuing a trend we observed in 2018.
- Shifting architectures: Looking for more efficient and more capable architectures is modus operandi in IT. In cloud, we predict a growing shift toward serverless architectures as well as containers and microservices to enable cloud architectures to become more efficient in managing ever-increasing task volumes. These newer models enable coding environments and applications to be treated as non-monolithic, delivering agility and flexible scaling of isolated functions for improved efficiency and usage models, driving down operational costs and improving productivity.
- Blockchain: Blockchain arrived on the global scene with Satoshi Nakamoto’s white paper in 2008. Since then, pundits have predicted that blockchain may fundamentally change numerous industries. In cybersecurity, we’ve already seen blockchain at work: There are use cases in storage and backup of software allowing notarization of digital data as a fingerprint, which is added to a blockchain to prevent tampering. In another, we’ve seen entire organizations built around ledger-based security in certain verticals, such as the IOTA project, which proclaims itself as the first open source distributed ledger. Industries such as manufacturing, critical infrastructure, government, and healthcare will begin to utilize the benefits of blockchain’s distributed data model. Technology vendors will leverage blockchain technologies in 2019 to provide security solutions to enhance data storage, identity management, and encryption.
Cyberthreats will continue to evolve in the coming year, as will the challenges of securing rapidly evolving IT technologies. Because cloud reliance continues to grow (and for good reasons), we anticipate seeing how resources and investments in cloud technology work to keep pace in 2019 and beyond.