Why Cloud Security Matters and How Society is Fighting Back

Cybersecurity is making headlines around the world. Almost every business or individual has been affected in some way by a cybercrime. Today, cybersecurity concerns are shifting to the cloud. 94% of organizations use cloud services or are in the process of migrating to the cloud, and most consumers are using at least one type of cloud service—whether cloud storage like Dropbox or Google Drive, a web-based email service, or a cloud-based calendar service.

Cyber attacks are a bigger concern in the cloud. This is not because cloud services are unsecured. It is because they are exposed to the Internet, and any small misconfiguration can expose sensitive information to attackers. For example, if a user at home improperly sets permissions on a folder with important files, or a company fails to set authentication on a cloud storage bucket, the data can be effortlessly stolen by attackers. In fact, cyber criminals are on the lookout for these cloud security lapses, just like burglars looking out for a house whose occupants are on vacation or have left an open door.

In this article, I’ll discuss the global problem of cloud security, and describe a few exciting technology trends that are helping companies, and society in general, fight back against the threat of cloud-based cyber crime.

The Importance of Cloud Security for the Global Economy

An IBM report found that data breaches today cost the companies surveyed $4.24 million on average, per incident—the greatest cost in the history of the 17-year report. The in-depth study of data breaches experienced by more than 500 organizations shows that security incidents have become more costly and difficult to contain. This is a result of the huge operational changes during the pandemic, with costs growing 10% in comparison to the prior year.

Businesses had to quickly adapt their approaches to technology last year, and many businesses required or encouraged employees to work from home. 60% of companies adopted more cloud-based activities throughout the pandemic. The recent findings show that security may have lagged behind these fast IT changes, hampering the capacity of companies to react to data breaches.

The global 2020 Cloud Security Report highlights the difficulties security teams can face when they protect workloads and information in their public cloud deployments. 75% of respondents noted that they were “extremely concerned” or “very concerned” about cloud security.

Key findings included:

  • Top cloud security threats—the leading threats according to survey respondents were cloud platform misconfiguration (68%), unauthorized access to the cloud (58%), insecure interfaces (52%), and hijacked accounts (50%).
  • Security inhibits cloud adoption—security is a major barrier to cloud adoption. 37% cited data privacy factors as a barrier to adoption, and 36% noted the lack of integration with on-premises security.
  • Existing security tools do not work well in public clouds—82% said their existing security solutions either provided limited functions in cloud environments or didn’t work at all, and this concern grew substantially compared to previous years.
  • Public cloud is more dangerous—52% of those asked noted that the risk of security violations in public clouds was higher than in on-premises IT settings. Only 17% saw less risk, and 30% held that the dangers were more or less the same in the two environments.
  • Cloud security budget to increase—59% of organizations anticipate that their cloud security budget will increase over the next year. Organizations devote 27% of their security budget, on average, to cloud security.

How Society is Fighting Back: Cloud Security Trends and Technologies

Here are a few advanced technologies that are helping organizations and society in general mitigate the threat of cloud-based cyber crime.

Extended Detection and Response (XDR)

XDR is a new security function that cuts across silos, letting an organization incorporate data from networks, on-premises servers, endpoints, and cloud workloads to isolate threats. XDR integrates with various security products to offer better incident detection and response capabilities.

A core characteristic of XDR-based methods is that they use advanced analytics to bring data points together into a complete attack story, with in-depth forensic information that can assist when the incident is investigated. They also allow for manual or automated response to a breach in a short amount of time.

Cloud Access Security Broker (CASB)

CASBs are cloud-based or on-premises agents that enforce security policy. They sit between cloud service providers (CSPs) and cloud service users to combine and interject enterprise security policies as cloud-based resources are accessed.

CASBs consolidate several types of security policy enforcement. Security policies include, for example, authorization, device profiling, credential mapping, authentication, single sign-on, encryption, logging, tokenization, malware detection, and alerting.

Cloud Security Posture Management (CSPM)

CSPM solutions manage risks relating to cloud security on an ongoing basis. They isolate, report, and log these risks, and offer automation to deal with them. The issues may range from security settings to cloud service configurations, and are generally related to compliance, governance, and the security of cloud resources. An example of a CSPM tool is Aqua’s Cloud Security Posture Management platform.

CSPM tools deal with four core areas:

  • Analytics and monitoring
  • Security, identity and compliance
  • Classification of assets and inventory
  • Resource organization and cost management

Cloud Workload Protection Platform (CWPP)

Gartner notes that CWPPs are security offerings that are workload-centric. They target the specific protection requirements of workloads in modern hybrid, multi-cloud data center architectures. Put simply, CWPPs help organizations protect the workloads or capabilities (resources, applications, and more) that run in a cloud instance.

CWPP capabilities differ across vendor platforms, but they generally incorporate functions like vulnerability management, system hardening, host-based segmentation, application allow lists, and system integrity monitoring. CWPPs enable security control management and visibility across several public cloud environments from one console.

Cloud Infrastructure Entitlement Management (CIEM)

Gartner coined the acronym CIEM and a corresponding new category in its 2020 Cloud Security Hype Cycle. This recent category describes solutions that relate to cloud Identity and Access Management (IAM), which is typically too dynamic and involved to be effectively managed solely by native CSP tools.

The CIEM category covers technologies that deal with identity and access governance controls, with the aim of minimizing unnecessary cloud infrastructure entitlements and making least-privileged access controls more efficient across distributed and dynamic cloud environments.
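
The core CIEM calculation, sketched as an added example (not taken from any vendor's product): compare what each identity is granted with what it actually used within a lookback window, then report the unused entitlements and a narrower grant set. The identities, action names, and log entries are constructed, and the 90-day window is an assumption.

```python
from datetime import datetime, timedelta
from fnmatch import fnmatchcase

# Constructed sample data: granted actions per identity (wildcards allowed).
GRANTS = {
    "svc-reporting": ["storage:GetObject", "storage:PutObject", "db:Query", "iam:*"],
    "alice": ["storage:*", "compute:StartInstance"],
}
# Constructed access log: (ISO timestamp, identity, action actually invoked).
ACCESS_LOG = [
    ("2024-05-01T09:00:00", "svc-reporting", "storage:GetObject"),
    ("2024-05-20T09:00:00", "svc-reporting", "db:Query"),
    ("2024-01-03T12:00:00", "svc-reporting", "storage:PutObject"),  # outside window
    ("2024-05-28T08:30:00", "alice", "storage:GetObject"),
    ("2024-05-29T10:15:00", "alice", "compute:StartInstance"),
]
NOW = datetime(2024, 6, 1)  # constructed "current" date so the result is reproducible

def analyze(grants, log, now, window_days=90):
    """Per identity: grants with no recent use, plus a least-privilege proposal."""
    cutoff = now - timedelta(days=window_days)
    used = {}
    for ts, identity, action in log:
        if datetime.fromisoformat(ts) >= cutoff:
            used.setdefault(identity, set()).add(action)

    report = {}
    for identity, patterns in grants.items():
        seen = used.get(identity, set())
        unused, proposed = [], []
        for pattern in patterns:
            # Actions observed in the window that this grant (or wildcard) covers.
            hits = sorted(a for a in seen if fnmatchcase(a, pattern))
            if not hits:
                unused.append(pattern)
            # Wildcards are replaced by the specific actions actually observed.
            proposed.extend(h for h in hits if h not in proposed)
        report[identity] = {"unused": unused, "proposed": proposed}
    return report

if __name__ == "__main__":
    for identity, result in analyze(GRANTS, ACCESS_LOG, NOW).items():
        print(identity, result)
```

The proposal is only as good as the observation window: an entitlement used once a quarter or only during incident response looks unused in a short window, so removals are normally reviewed before they are applied.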

Cloud-Native Application Protection Platform (CNAPP)

Recently, Gartner named CNAPP a new category in response to the latest tendencies in cloud security. CNAPPs bring application and data context to the convergence of the CWPP and CSPM categories, to safeguard hosts and workloads such as containers, serverless functions, and VMs.

Conclusion

In this article I discussed the global problem of cloud security, and described a few technologies that are helping organizations protect themselves and their customers’ data:

  • Extended Detection and Response (XDR)—a new security platform that collects data from all layers of the IT environment, including cloud systems
  • Cloud Access Security Broker (CASB)—an agent-based system that facilitates secure remote access to corporate systems and APIs
  • Cloud Workload Protection Platform (CWPP)—automatically detects cloud security misconfigurations and fixes them
  • Cloud Security Posture Management (CSPM)—helps analyze security weaknesses in the cloud and generate reports for compliance
  • Cloud Infrastructure Entitlement Management (CIEM)—helps manage authentication and authorization in the cloud at large scale
  • Cloud-Native Application Protection Platform (CNAPP)—a combination of CWPP and CSPM which can help secure applications in the cloud

It appears society has taken a few steps forward in the cyber arms race, developing a set of capabilities that can help secure the cloud and thwart cyber attacks. But the battle is far from over—cyber defenders will wait and see what cyber criminals come up with next, and develop the next set of even more sophisticated cybersecurity solutions.