Virtualization Technology News and Information
Ermetic 2023 Predictions: What to Expect in Cloud Security in 2023


Industry executives and experts share their predictions for 2023.  Read them in this 15th annual VMblog.com series exclusive.

What to Expect in Cloud Security in 2023

By Arick Goomanovsky, co-founder and Chief Business Officer of Ermetic

DevOps, excessive entitlements, legacy controls and network protection are set to become key areas of emphasis next year. So, without further ado, here are my top four predictions for cloud security in 2023...

1.  Continued cloud adoption will shift more responsibility away from traditional IT into the hands of the product and development teams. Due to this democratization of cloud security, expect organizations to accelerate their adoption of Infrastructure as Code (IaC) security tools and implement "shift left" concepts for cloud infrastructure, such as scanning IaC for misconfigurations and policy violations prior to deployment. Conversely, cloud security platforms that are traditionally designed for security stakeholders will include more capabilities that are specifically targeted at developers, such as automatic remediation of issues directly in the code, in languages like Terraform.
2.  With more and more infrastructure migrating to the cloud, organizations will need to focus on cloud-native approaches to security controls, such as cloud infrastructure entitlement management (CIEM). Cloud identity has replaced the network as the primary perimeter. With thousands of human and machine identities in every cloud deployment, identities are the largest attack surface and the number one cause of lateral movement in case of a breach. CIEM solutions provide a way to manage these risks, eliminate excessive and standing privileges, and alert on suspicious behaviors.

3.  Expect companies to adopt new approaches to implementing legacy security controls in the cloud, and not to simply "copy-paste" their on-premises technologies for network security, workload protection, and vulnerability scanning into the cloud setting. Why? Because while many basic security concepts are the same in the cloud and on-premises, their implementation is very different.

In Platform as a Service environments like AWS, Azure and Google Cloud, developers can deploy infrastructure much more easily because many of the operational details are handled by the cloud service providers. On the other hand, operations and security teams have much less knowledge about how the various services in the environment work and interact. This becomes a serious obstacle when you "lift and shift" enterprise security silos to the cloud.

New, cloud-native application protection platforms take a more holistic approach, providing top-down visibility into all of the services in the environment, and determining risk levels based on broader context.

4.  Finally, although cloud identity is emerging as "the new network", networking controls will continue to play an important role in the cloud security stack. Expect companies to continue to invest in network security, leveraging more cloud-native capabilities in parallel with traditional firewall and VPN vendors. That's because the network in the cloud is different from on-premises, and is created by cloud platform providers using the virtual services - like routers, switches, load balancers - offered by the cloud service providers. To get visibility into network security risks, what worked on-premises won't work in the cloud. Managing network security in the cloud requires new tools and skills, especially visibility into network exposures.

##

ABOUT THE AUTHOR

Arick Goomanovsky is co-founder and Chief Business Officer of Ermetic. He is a cybersecurity, national security, and cyberwarfare expert. Previously, he was a co-founder of Sygnia Consulting, a cyber consulting and incident response firm that was acquired by Temasek Holdings. He also worked at McKinsey & Company in London, where he focused on strategy and operations. Arick served for 15 years in the Intelligence Unit of the Israel Defense Forces in senior leadership R&D positions.

Published Wednesday, November 16, 2022 7:30 AM by David Marshall