Enterprises must keep an eye on emerging threats and evolving security technologies to keep pace with change and mitigate business risks
Given the global uncertainties that businesses faced in 2022, it is interesting to see that Gartner has predicted an 11.3% increase in global security spending in 2023. Cloud security will contribute to a majority of this spending; Gartner also predicts that 95% of digital payloads across the world will be running in either a public or a private cloud by 2025. Obviously, with a tectonic growth in cloud adoption comes the increased need for cloud security.
Let us look at the cloud security areas trending amongst the business community in the year 2023.
According to Gartner, “Remote work and cloud-based delivery of enterprise applications by remote working professionals are primarily going to drive cloud adoption in 2023.” Hence, it would be prudent to trace the security trends from these two perspectives for the year ahead.
Cloud security will influence remote work
COVID has made remote work through the cloud a dire need due to its ‘anytime, anyone, anywhere’ possibilities for companies. Remote work primarily means the company will be looking at the following security concerns: a need for tightened IAM, permissions and privileges to access resources in the cloud, levels of authentication and authorisation needed to access that is beyond user id and passwords, the principle of zero trust, and a secure Virtual Desktop Infrastructure (VDI) to allow these accesses. Certainly, these security topics are going to trend a lot in 2023.
Securing enterprise applications on the cloud
Delivery of enterprise applications primarily means a tightened Develops for Cloud deployments, Continuous Integration (CI) and Continuous Deployment (CD) process that would include security in every aspect of the delivery process. It also means minimising target end-points that are exposed to the outside world and customers to minimise the attack surface for hackers, automatic risk assessments before deployments, and boot-strapped security and compliance processes that accompany the deployment.
While deploying cloud-native tools driven by secure containers with the security postures of the services they are going to expose to the outside world, organisations and CIOs will also think about proxies that are going to protect these services, white-listing of services, access control lists, application, and cloud security firewalls.
API and service architecture security
When considering enterprise application delivery, third-party APIs, especially the customer applications talking to SaaS applications would be a prime target for hackers. This may become a bigger concern if proper API security controls, authorisation and authentication protocols are not established between service endpoints. This could lead to security disasters, wherein within a few clicks hackers can control very private information of customers and corporates. Going ahead, API or Service Security will be much debated with standard solutions offered in the year 2023.
Securing multi-cloud deployments
Since companies do not want to get locked to a single cloud provider to deploy their applications, most of them adopt the multi-cloud option, where they establish deployments across multiple clouds. This makes it much more challenging to monitor since customers are forced to employ third-party tools to monitor their deployments across clouds. Multi-cloud environment, if not properly managed could lead to security nightmares. Definitely security problems faced during multi-cloud deployments will be the highlights of many technology and business forum discussions in 2023.
Data, device and user access security of cloud applications
This is going to directly lead us to end-point security, Edge-location security, and device security through which lots of users are going to access the enterprise applications. Hence, the security of an application will be as good as the device and Edge location from which the application end-point is going to be accessed. This would also touch upon an important aspect of privacy and data security, especially when users are handling applications through their devices.
Such devices and user security garner a lot of attention over the next few years as this is where the world of cloud applications is moving to and any slip-up could lead to a heyday for hackers. One can expect new products and trends like dynamic passphrase-based device security during the year.
Securing cloud deployments from known vulnerabilities
One of the other important security concerns in 2023 is the need to control known vulnerabilities. Around 75% of the attacks happen through the exploitation of known vulnerabilities. If these can be minimised, the company migrating to the cloud or one who is deploying cloud applications will be able to cover most of their bases. So, security tools that are going to help in assessing and eradicating known vulnerabilities would be a trend.
Another area of focus would be to identify network zones that will be greatly affected by the known vulnerabilities. By not keeping the greatest assets near the zones where hackers can easily access them after they immediately exploit the known vulnerabilities, the attack radius and intensity can be minimised.
Shared security for complex multi and hybrid clouds
With more companies adopting the cloud, a shared security model between the cloud customer and the cloud provider is going to be discussed a lot. This will be more so in the context of defining the responsibilities of each of the parties in establishing a balanced security posture between private and public cloud applications, and on-premise data in conjunction with the multi-cloud model. Since this is the most complex implementation from a security and governance perspective, that one can think of, it is going to trend a lot in the next few years or decade.
New areas of hope for cloud security
Finally, zero-knowledge proofs and Blockchain-based security implementations will start getting noticed in 2023 amongst cloud startups as a security mechanism. Zero-knowledge proofs will eliminate the need for password-based access in the future. Coupled with Blockchain-based cloud deployments, Zero Knowledge Proof Applications would offer some fascinating possibilities for enterprise and user cloud security. Though this is still a subject of research, experts point out that the time will come when the industry will make user access secure and easy without much burden on the users.
Summing up, 2023 is going to be a landmark year for cloud security enthusiasts where secure cloud-native tools, secure application deployments, vulnerability assessment tools, and new-age security will be discussed immensely.
By Raj Srinivasaraghavan
Srinivasaraghavan is the Chief Technology Officer at SecureKloud Technologies