Virtualization Technology News and Information
Runecast 2023 Predictions: Positive Trends in 2023


Industry executives and experts share their predictions for 2023.  Read them in this 15th annual series exclusive.

Runecast Predicts Positive Trends in 2023

By Raquel Campuzano Godoy, Product Marketing Manager at Runecast

At the beginning of 2022, a well-known IT news portal published an article titled "2021 was a terrible year for cybersecurity. Without action, 2022 could be even worse". This may sound apocalyptic but that statement was not without reason, as 2021 ended with one of the most impactful software vulnerabilities in history, which largely affected organizations, businesses, and even major cloud vendors: Log4Shell. 

The year 2022 was not so different since we have witnessed how big players such as Twitter, Uber, Toyota, and Twilio, have suffered cyberattacks that led to data breaches affecting millions of users by exposing their personal data and, as in the case of Uber, involved criminal prosecution of its executives.

Everyone knows it is impossible to convince cyber criminals to stop their threats and attacks. You can not take action over what is not under your control, but what organizations and companies can do is make sure that their environments are armored against the risk. Against this backdrop, implementing solutions that help companies to control, monitor, and secure their environments is no longer optional.

Runecast predictions for 2023 are oriented toward the idea of having fewer but more efficient solutions in place to manage threats and risks. And as a bonus, we should start thinking about pulling our socks up with Kubernetes (the no-longer-emerging platform that we need to learn how to manage and secure if we want to stay in the race of modern application development).

CNAPP consolidation as the centerpiece for companies' security posture

Nowadays, developers have a tendency to think of modern application development as the natural approach to follow when delivering software. Paired with that idea, cloud-native applications are the vehicle to rapidly and continuously innovate, build, and bring new capabilities. Cloud adoption is on the rise, and increasingly more companies are moving their workloads to hybrid and multi-cloud environments. Gartner has reported that more than 85% of organizations will embrace a cloud-first principle by 2025, which makes Cloud Native Application Platforms (CNAPP) a centerpiece for improving their security posture.

CNAPPs bring to organizations and IT leaders the possibility of integrating vulnerabilities and the relationships of these findings with other issues across the development life cycle. Thus, development teams can remediate the areas that represent the most risk ensuring the deployment of fully secure and compliant applications in every stage. This is not something new, because many companies already have a set of overlapping tools widespread from development to production, but what makes CNAPP approach unique is the aspect of unifying all the capabilities provided by IaC, CWPPs, CIEM, CSPM, or container scanning tools all in a single platform. No more fragmented views, no more information silos, no more additional costs, and no more chances for drift and security gaps that attackers can exploit.

We are confident that 2023 will be "the year of CNAPP" because, in the near future, cybersecurity will be a mandatory goal in companies' leadership agendas and we will witness how cybersecurity risk will be used as a decisive factor in conducting third-party transactions and business engagements. There is no time for hesitation, it is time to act.

The need to embrace a single source of truth (SSoT) mindset

While the trend in software development is to bet on unifying repositories to have a unique place for the source code management version control system, very few organizations are stepping forward and moving to a single source of truth approach to ensure that all their IT resources and information are stored and managed only in one place providing data normalization and avoiding data loss.

Adopting a distributed architecture to run workloads brings new challenges to face such as data lakes, miscommunication between teams, and the complexity of the tools used to control the different environments or information silos. In this scenario, having many tools and dashboards to monitor is costly and impairs clarity and productivity, imposing laborious maintenance needs. 

Embracing an SSoT mindset when it comes to the Security and Compliance areas means having the opportunity of simplifying the control of vulnerabilities and preventing mistaken inconsistencies that can lead to critical exposures - while simultaneously reducing costs and increasing the efficiency of the DevOps and DevSecOps teams.

Kubernetes, Kubernetes, Kubernetes

In 2020, the VMware State of Kubernetes report stated that although companies were starting to adopt Kubernetes and cloud-native technologies, "it was still early" in their adoption. The 2022 report highlights that Kubernetes is entering the IT mainstream. Companies are massively moving their workloads to Kubernetes because it makes software development simpler, enables them to move to the cloud quickly and in a cost-efficient way, and also improves operators' efficiency because it lifts resource utilization while making it easier to upgrade and maintain applications both on-prem and in the cloud.

As the adoption of Kubernetes is growing fast, the lack of adequate experience and expertise in dealing with Kubernetes management challenges is burdensome. The need for companies to fill that gap by looking for tools that offer services and support in all areas is key, and obviously, security is not an exception. Organizations must define their Kubernetes Security Posture Management as a critical action. Cluster admins and operators can not leave the security of their workloads to the "do it yourself" policy anymore and DevOps and DevSecOps teams are now responsible for keeping their deployments up to date with all the requirements and compliance standards.

Our prediction, or to better say, our recommendation is for companies to seek next-generation tools that include critical capabilities such as automation, hybrid, and multi-cloud operations support, container image scanning, and vulnerability and compliance management as well as best practices, remediation and unified (yet customizable) reporting - ideally in a single platform. Thus, they will be able to modernize their mission-critical workloads ensuring they are meeting security and compliance requirements.

Contrary to the thought that opened this article, 2022 was a terrible year for cybersecurity, yes, however, at Runecast we are convinced that organizations' consciousness about the importance of running secure and compliant workloads is increasingly widespread. This, combined with the fact that new and more sophisticated solutions to protect IT resources are available, makes us forecast a challenging but optimistic future. Happy 2023 to everyone!




Raquel is Product Marketing Manager at Runecast, where she helps users and customers to leverage the platform effectively to improve their security posture and IT operations management. Prior to Runecast, she worked at VMware, leading the creation of technical materials for end users and developers, and planning joint marketing actions with major cloud providers such as Azure, Intel, or AWS. She is also an experienced technical writer documenting both Open Source and cybersecurity solutions. If time permits, Raquel loves kayaking, reading, writing, cooking, and traveling with her family.

Published Monday, January 02, 2023 7:30 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<January 2023>