(ISC)²'s bi-monthly e-newsletter Cloud Security INSIGHTS, delivers timely, must-read original articles for the professional development of infosecurity practitioners focused on cloud security.
CLOUD SECURITY INSIGHTS JULY ISSUE SPONSOR
Advance Your Career in Cybersecurity
The 100% online MS in Informatics program at San José State University offers a specialized path in Cybersecurity and Privacy. This accelerated program provides the skills you need to leverage data and technology and advance your career in information security.
You’ll build a foundation in general informatics skills such as human-centered design and big data management—with a focus on important cybersecurity and privacy topics.
The MS in Informatics program is conducted 100% online and can be finished in as little as one year. Applications are being accepted for spring 2020 admission.
JULY CLOUD SECURITY INSIGHTS
Forecast Looking Good for Cloud Security Solutions
By SHAWNA McALEARNEY
Organizations are embracing the deployment of mission-critical workloads to the public cloud at an unprecedented rate, driving the global cloud security solutions market to an estimated $12.7 billion by 2023.
That’s according to Forrester’s Cloud Security Solutions Forecast, 2018 to 2023. The same analysis noted more than half (54%) of global infrastructure decision makers have implemented, or are expanding, their use of the public cloud, up from 25% in 2015.
Photo credit: Wavebreak Media/iStock
The shift to the public cloud continues its aggressive growth trajectory: Forrester Research calculates that in 2018, companies spent $178 billion on public cloud services. The firm predicts that will increase to $236 billion by 2020.
A major reason for that growth surge is enhanced security. Forrester reports that 37% of global infrastructure decision makers cited improved security as an important reason to move to the public cloud.
While 57% of survey respondents do remain concerned about potential risks stemming from software-as-a-service (SaaS), platform-as-a-service (PaaS) and infrastructure-as-a-service (IaaS), cloud security solutions are working. And according to the 2018 survey of 3,089 respondents from seven countries, only a small percentage of breaches targeted public cloud environments.
Andras Cser, an author of the report and vice president and principal analyst for security and risk management at Forrester Research, says about 12% of attacks were directed against public cloud environments, but estimates that only 10% to 15% of those attempts were effective. “Public cloud is more secure than private clouds [and] on-premises environments, as you’re working with professionals who provide infrastructure and workload security to all their clients,” he says.
And enhanced security will be necessary to support cloud complexity. According to the report, “Organizations typically have multiple cloud implementations and use multiple cloud service providers. Public, private and hybrid clouds all coexist, serving different needs and applications. This complexity creates challenges for cloud security professionals, such as monitoring data, detecting anomalies and intercepting bad behaviors.”
Cser says current defenses are effective to a certain degree. “But you will almost always have to augment native platform security with third-party tools, especially in cross-cloud environments.”
It is also likely the relatively low number of attacks corresponds to the perceived value of the content contained within those clouds. Additionally, cyberattacks targeting the public cloud will rise as use becomes more widespread and high-value content is more commonplace.
The public cloud remains the biggest focus for security investment, says Forrester. “We estimate that companies spent $4 billion on public cloud native platform security in 2018, representing over 70% of total spending on cloud security solutions. We believe this will be the fastest growth sector and will reach $9.7 billion by 2023.”
Noting that traditional security tools often fall short when protecting data and applications in both the cloud and moving to and from the cloud, Forrester cites defenses that cloud security gateways enable:
- Encryption of data in use, at rest, and before it goes to SaaS applications
- Shadow IT detection
- Data loss prevention
- Malware detection
- Cloud access anomaly detection to discover and neutralize malware in the cloud
- Detection of fraudulent use of data in the cloud, such as unauthorized downloads or use of unsanctioned cloud platforms and applications.
But as is often the case, no single solution meets all needs. Forrester reports organizations deploy a mix of vendor, managed and cloud platform native tools to better secure data and cloud applications.
Cser says the biggest challenges currently for cloud security are identity and access management, data protection and network security, which “will be augmented by container security challenges and server-less security challenges in the future.”
SHAWNA McALEARNEY is a Las Vegas-based freelance writer and regular contributor to Cloud Security Insights.