A host of issues are affecting, or are set to affect, cloud computing and the associated area of cybersecurity. Many of these potential issues will be realised in 2022.
To gain an insight into what is happening within the cloud security space, Digital Journal caught up with Eric Kedrosky, CISO, Sonrai Security.
Insiders may now be outsiders
According to Kedrosky, we can expect more threats from within the firm: “Breaches due to insider threats will be exacerbated by increased access due to over-provisioning during the pandemic as companies go back to the office post-COVID. But the insiders may be outsiders. Bad actors know how to exploit access vulnerabilities and enterprises lack visibility to detect the vulnerabilities.”
Reskilling and upskilling badly needed
Kedrosky explains that as malicious actors become more skilled, so too must staff within companies: “Hackers, bad actors, and certain insiders are more skilled at cloud security than enterprise security teams. The cloud skills gap will continue in 2022 and put a spotlight on enterprise vulnerabilities as more are held for ransom, and as more personally identifiable information is sold on the open market.”
The skills gap is very real, and it is affecting the operability of many companies.
“For almost every two cloud security jobs in the United States today, a third job is sitting empty because of a shortage of skilled people. It’s like going into football’s Super Bowl with only seven players on the field when the other team has all eleven,” Kedrosky adds.
Turnover in security staffing will be rampant
The ever-increasing cloud security skills gap, combined with the Great Resignation (noticeable from September 2021) and a need for corporations to show more revenue per head, will result in massive churn in security staffing.
Kedrosky notes the following pattern: “Cloud-native, skilled-up security teams will push legacy tech-devotees out to pasture, introducing skill gaps and risk along with reward.”
Azure and GCP close the gap with AWS in the cloud
Another key trend, says Kedrosky, is this: “Azure and Google are closing the gap on AWS and will accelerate that further in 2022 based on an increase in players that are entering the game and leveling the playing field, such as Alibaba, Oracle Cloud Infrastructure, and others.”
Furthermore, he finds: “Azure and Google Cloud’s cloud-native development and accelerated cloud migration among its customers has been boosted by its focus on industry-specific solutions, machine learning, analytics, and data management.”
“What we are seeing from the field is that this gap is closing as more companies move to multi-cloud strategy focusing on services that support their industry,” Kedrosky says, pondering: “Are your security teams ready to secure two clouds?”
Top PaaS and IaaS will be hit with Zero-Day exploits
Top public cloud players have greatly expanded their attack surfaces in the race to develop and deploy more apps to more people in more regions to drive growth. Kedrosky notes: “This has expanded their attack surfaces and security measures may not have kept pace in a way that is sufficient to meet the need. We predict that a major cloud player will suffer a Zero Day attack and that the ramifications for the entire space will be massive in 2022.”
CSPM becomes a de facto standard for F1000 CISOs
Another factor shaping cloud operations is standardization. Kedrosky analyses: “Increased migration to public clouds in combination with a rise in hacks and breaches will drive cloud security posture management (CSPM) into the “check-box” realm for Global 1000 CISOs. Tasked with establishing and maintaining least privilege for their cloud environments, and faced with expertise and staffing shortages, deployment of leading CSPM platforms will become an industry-wide standard though CSPM tools will vary.”
“CSPM is the foundation of how we secure our cloud environments,” Kedrosky adds. “If you don’t have the right CSPM tool done correctly with the right tools – multi-clouds, remediation – you’ll be left behind.”
Identity takes center stage, with CIEM on the rise
Identity and data access complexity are exploding in the public cloud. Kedrosky assesses: “There are tens of thousands of pieces of computer, along with an array of interdependencies and inheritances that first-generation security tools miss – as shown by so many data breaches in the cloud. That “identity is the new perimeter” is so often said these days that it’s almost become trite, still few companies are truly prepared to address it.”
This leads to: “The need to, as will be evidenced by a rise in hacks and breaches based on exploiting it, will drive Cloud Infrastructure and Entitlement Management (CIEM) to the top of CISOs’ list of must-haves.”
“Networks once formed the security perimeter. Identities now do this in the cloud. You need to know what your identities’ true permissions are, what they can do with these permissions,” Kedrosky advises.
Kedrosky also foresees: “Gone are the days of periodic, surface-level audits… Continuous audits are now needed and your organization needs to understand the state of your cloud at any time. It’s a multidimensional battle.”
Corporate boards add CISOs
The prominence and impact of hacks and breaches have increased greatly in recent years. Kedrosky says this “will lead to corporate boards of directors in 2022 adding members with demonstrated experience and expertise in both the cloud and security. Like finance and M&A, security is now central to, rather than an afterthought, when developing and executing corporate growth strategies.”
Third-party attack vectors will be the Achilles’ heel for enterprises
With attackers still challenged to exploit vulnerabilities in the world’s largest and best-defended organizations directly, Kedrosky fears that “savvy bad actors will find side entrances through partners and other third parties with too much privileged access to large corporate resources. Moving in under the cover of outside organizations could mean that it takes longer to discover the breaches and that the impacts are therefore more severe.”
“When organizations do not take appropriate measures to shield themselves against third-party risk,” Kedrosky concludes, warning: “they leave their business vulnerable to both security and non-compliance risks. Do you know how those third parties are using and accessing your data?”