Before COVID-19, businesses were already moving to the cloud, but with the pandemic forcing companies to turn to remote work, adoption of cloud computing has accelerated these past couple of years.
90% of the 2,800+ executives that were polled last year by O’Reilly indicated that their organisations were using already the cloud, a 2% point increase compared to 88% in 2020.
Almost half (48%) said they planned to migrate 50% or more of their applications to the cloud in the coming year. 20% plan to migrate all of their applications.
Cloud provider usage by industry, The Cloud in 2021: Adoption Continues, O’Reilly
US tech consulting firm Gartner estimates that a whopping 85% of enterprises will adopt a cloud-first principle by 2025.
Embracing the cloud can bring many benefits, including slashed IT costs, more flexibility, and increased efficiency. But, it also introduces new risks, especially in the field of security.
Thales’ 2021 Cloud Security Study found a surge in cloud-related cyberattacks, with about 40% of the 2,600 organisations surveyed indicating having experienced a data breach in their cloud environments during the past year.
With attackers increasingly turning their attention to cloud infrastructures, Ermetic, a cloud native security platform provider, has released its cloud security predictions for 2022, outlining five trends for organisations to look out for this year and formulating recommendations on how to tackle new emerging threats.
Hackers will become more creative
Hackers will continue to improve their tactics and find new ways to breach the cloud, targeting weak links in supply chains as an entry point.
This is evidenced by the 2020-2021 SolarWinds cyberattack where hackers were able to breach the software made by the company and gain access to thousands of businesses and government offices that used its products.
The hackers managed to get access to the US Treasury, Justice and Commerce departments and other agencies’ emails.
Microsoft’s President Brad Smith called the hacking campaign “the largest and most sophisticated attack the world has ever seen.”
With new cyber threats arising daily, Ermetic advices organisations to reduce entitlements and privileges for all internal and external accounts with access to cloud resources, including machine identities.
The idea here is to reduce risk by removing excessive permissions.
Cloud breach will become common
This year, cloud breaches will become fairly common, with every organisation expected to experience at least one hack.
A 2021 survey conducted by the International Data Corporation (IDC) on behalf of Ermetic found that virtually all businesses (98%) experienced at least one cloud data breach between 2020 and 2021, representing a 19% point increase compared to 2019-2020.
Against this backdrop, organisations must prepare themselves for the inevitable and invest in tools that provide visibility of their cloud identities and activities, Ermetic advises.
These will allow them to have a clear picture of the potential damage following a breach in order to respond quickly and communicate with stakeholders.
Laggards in cloud adoption will suffer more breaches
Organisations in the early stage of their cloud migration will face more breaches compared to those who are in the “optimise” phase focusing on securing their infrastructure, Ermetic says.
Young, digital-first companies born in the cloud also have an advantage here since they understood right out of the gate that protecting their applications and data is their responsibility.
Organisations should plan and build security controls for identities, access and configurations into their cloud migration roadmap from the get-go, the company says.
Considering cybersecurity at the onset, or following what is commonly known as security by design, will allow them to reduce the likelihood of cybersecurity breaches.
Zero trust initiatives will accelerate
In 2022, adoption of zero trust will continue picking up steam as organisations realise that it is the most important principle for securing cloud infrastructures, Ermetic predicts.
Zero trust is a security model that requires all users to be authenticated, authorised, and continuously validated before being granted or to maintain access to applications and data.
It’s a framework that’s particularly relevant today as it addresses modern challenges relating to securing remote workers, hybrid cloud environments, and emerging cyber threats by tightening up security in the face of an ever-expanding network perimeter.
Adoption of zero trust has risen significantly over the past years. In Asia Pacific (APAC), organisations are embracing the framework at a fast pace.
A recent survey by Okta, a publicly traded identity and access management firm, found that although APAC organisations have been slower adopters compared to their international counterparts, they are now waking up to the importance with 82% of surveyed organisations planning to implement zero trust in the next 12 to 18 months.
As zero trust quickly becomes the norm, organisations should invest in technologies that provide them with comprehensive visibility of their network policy, identity and access permissions, Ermetic says.
Machine and service identities will emerge as cloud security’s weak spot
Finally, the fifth and last prediction for 2022 relates to machine and service identities.
While organisations will continue to improve the security of their human identities with multi-factor authentication (MFA) and single sign-on (SSO), attackers will shift their focus to machine and service identities, Ermetic says.
Machine identities govern the confidentiality and integrity of information between machines, using keys and certificates, much like people employing usernames and passwords to authenticate themselves.
Managing machine identities and their access is becoming highly critical to preventing data breaches.
Gartner also named machine identity management among the top eight security trends for 2021 because of the growth of machines and apps connected by APIs.
Meanwhile, Juniper Research projects that the number of Internet-of-Things (IoT) sensors and devices globally will grow 140% between 2018 and 2022 to exceed 50 billion this year.
