Industry executives and experts share their predictions for 2023. Read them in this 15th annual VMblog.com series exclusive.
Runecast Predicts Positive Trends in 2023
By Raquel Campuzano Godoy, Product Marketing Manager at Runecast
At the beginning of 2022, a well-known IT news portal published an article titled "2021 was a
terrible year for cybersecurity. Without action, 2022 could be even worse". This may sound apocalyptic, but that
statement was not without reason, as 2021 ended with one of the most impactful
software vulnerabilities in history, which largely affected organizations,
businesses, and even major cloud vendors: Log4Shell.
The year 2022 was not so different: we witnessed big players such as Twitter, Uber, Toyota, and Twilio suffer cyberattacks that led to data breaches affecting millions of users by exposing their personal data and, as in the case of Uber, involved criminal prosecution of its executives.
Everyone knows it is impossible to convince cyber criminals to stop their threats and attacks. You cannot take action over what is not under your control, but what organizations and companies can do is make sure that their environments are armored against the risk. Against this backdrop, implementing solutions that help companies control, monitor, and secure their environments is no longer optional.
Runecast's predictions for 2023 are oriented toward the idea of having fewer but more efficient solutions in place to manage threats and risks. And as a bonus, we should start thinking about pulling our socks up with Kubernetes (the no-longer-emerging platform that we need to learn how to manage and secure if we want to stay in the race of modern application development).
CNAPP consolidation as the centerpiece for companies' security posture
Nowadays, developers have a tendency to think
of modern application development as the natural approach to follow when
delivering software. Paired with that idea, cloud-native applications are the
vehicle to rapidly and continuously innovate, build, and bring new
capabilities. Cloud adoption is on the rise, and increasingly more companies
are moving their workloads to hybrid and multi-cloud environments. Gartner has
reported that more than 85% of organizations will embrace a cloud-first
principle by 2025, which makes Cloud-Native Application Protection Platforms (CNAPP) a
centerpiece for improving their security posture.
CNAPPs give organizations and IT leaders the ability to integrate vulnerability findings and relate them to other issues across the development life cycle. Development teams can thus remediate the areas that represent the most risk, ensuring the deployment of fully secure and compliant applications at every stage. This is not something new, because many companies already have a set of overlapping tools spread from development to production. What makes the CNAPP approach unique is that it unifies the capabilities provided by IaC, CWPPs, CIEM, CSPM, or container scanning tools in a single platform. No more fragmented views, no more information silos, no more additional costs, and no more chances for drift and security gaps that attackers can exploit.
We are confident that 2023 will be "the year
of CNAPP" because, in the near future, cybersecurity will be a mandatory goal
in companies' leadership agendas and we will witness how cybersecurity risk
will be used as a decisive factor in conducting third-party transactions and
business engagements. There is no time for hesitation; it is time to act.
The need to embrace a single source of truth (SSoT) mindset
While the trend in software development is to bet on unifying repositories so that source code management and version control live in one place, very few organizations are stepping forward and moving to a single source of truth approach, in which all their IT resources and information are stored and managed in only one place, providing data normalization and avoiding data loss.
Adopting a distributed architecture to run
workloads brings new challenges, such as data lakes, miscommunication
between teams, and the complexity of the tools used to control the different
environments or information silos. In this scenario, having many tools and
dashboards to monitor is costly and impairs clarity and productivity, imposing
laborious maintenance needs.
Embracing an SSoT mindset in the Security and Compliance areas means having the opportunity to simplify the control of vulnerabilities and prevent inconsistencies that can lead to critical exposures, while simultaneously reducing costs and increasing the efficiency of the DevOps and DevSecOps teams.
Kubernetes, Kubernetes, Kubernetes
In 2020, the VMware State of Kubernetes report stated that although companies
were starting to adopt Kubernetes and cloud-native technologies, "it was still
early" in their adoption. The 2022 report highlights that Kubernetes is
entering the IT mainstream. Companies are massively moving their workloads to
Kubernetes because it makes software development simpler, enables them to move
to the cloud quickly and in a cost-efficient way, and also improves operators'
efficiency because it lifts resource utilization while making it easier to
upgrade and maintain applications both on-prem and in the cloud.
As the adoption of Kubernetes grows fast, the lack of adequate experience and expertise in dealing with Kubernetes management challenges is burdensome. Companies need to fill that gap by looking for tools that offer services and support in all areas, and security is no exception. Organizations must treat defining their Kubernetes Security Posture Management as a critical action. Cluster admins and operators cannot leave the security of their workloads to a "do it yourself" policy anymore, and DevOps and DevSecOps teams are now responsible for keeping their deployments up to date with all the requirements and compliance standards.
Our prediction, or better said, our recommendation, is for companies to seek next-generation tools that include critical capabilities such as automation, hybrid and multi-cloud operations support, container image scanning, and vulnerability and compliance management, as well as best practices, remediation, and unified (yet customizable) reporting, ideally in a single platform. That way they will be able to modernize their mission-critical workloads while ensuring they meet security and compliance requirements.
Yes, 2022 was a terrible year for cybersecurity. However, contrary to the thought that opened this article, at Runecast we are convinced that organizations' awareness of the importance of running secure and compliant workloads is increasingly widespread. This, combined with the fact that new and more sophisticated solutions to protect IT resources are available, makes us forecast a challenging but optimistic future.
Happy 2023 to everyone!
##
ABOUT THE AUTHOR
Raquel is Product Marketing Manager at
Runecast, where she helps users and customers to leverage the platform
effectively to improve their security posture and IT operations management.
Prior to Runecast, she worked at VMware, leading the creation of technical
materials for end users and developers, and planning joint marketing actions
with major cloud providers such as Azure, Intel, or AWS. She is also an
experienced technical writer documenting both Open Source and cybersecurity
solutions. If time permits, Raquel loves kayaking, reading, writing, cooking,
and traveling with her family.