Industry executives and experts share their predictions for 2023.  Read them in this 15th annual VMblog.com series exclusive.

2023 Predictions for Cloud Security

By Rahul Bakshi, Chief Product Officer, eSentire

The shift to cloud computing continues to be one of the most transformative business enablers in terms of impact, global reach, and complexity; and it's no secret that the pandemic significantly accelerated cloud adoption. As we put the last couple of years behind us - along with the corresponding reactive responses that drove cloud adoption - 2023 will experience more intentional cloud strategies and incorporate learnings from the prior years. 

In the new year, we can expect to see a more comprehensive approach to building and executing a cloud-first strategy. Key to the success of these initiatives will be the need for visibility across all layers when it comes to security, and a focus on building and maintaining resilience through it all.

1.   Increased focus on adopting a cloud-first strategy.

As we move into 2023, we will see organizations prioritize executing their cloud strategies, resulting in the more rapid adoption of cloud-native services to support their business transformation and a corresponding increase in cloud spend. In fact, Gartner forecasts cloud spending will grow nearly 21% by next year and reach close to $600 billion in 2023.¹ Applications are becoming more cloud-native - whether it is a re-architecture or a net new build - to benefit from the economies of cloud-native technologies and an improved customer experience. To that end, we will also see the proliferation of cloud-native containers as the standard vehicle for application deployment. Cloud-native architectures and technologies will be critical to the digital strategy of any competitive enterprise.

2.   Increased visibility - and security - across layers.

As cloud adoption continues to mature and scale, it will be imperative that organizations align their security efforts and data protection to encompass cloud environments. While cloud architectures drive some of the more nuanced security requirements, including container security, the need to protect the application stack, data, and underlying infrastructure remains as it did for on-premises deployments. Companies will need to invest more resources not only in cloud security tools but also in the people required to understand how the cloud works and the subsequent requirements to protect those workloads. 

Driven by economic gain, security threats will continue to become both more frequent and more sophisticated, and in turn, organizations will need to seek security solutions that provide 24/7 proactive threat detection and robust investigation and threat response in the cloud. One of the more interesting highlights of cloud security over the last few years continues to be the need for organizations to be dialed in to vulnerabilities and misconfigurations in the cloud and the need to implement best practices to secure and lock down cloud platforms. The nature of SaaS applications increases these threat vectors.  

3.   An investment in cyber resilience. 

Security posture, risk management, resilience....these terms can mean different things to different people, but when you think through security, they build on one another and ultimately dictate how well a business can minimize disruptions to their operations and continue to function when they do occur. In the next year, we will see a shift in organizations prioritizing the reduction of risk, AND the building of cyber resilience. The latest Forrester report predicts an increase in Chief Risk Officers (CROs) reporting directly to the CEO, which is expected to grow to over 50% in the next year. This is one indication that the enterprise continues to pivot in mindset and views security as a more business-oriented outcome, with the need for a true strategy for cyber resilience, which I define as the ability to prevent, withstand, and recover from cybersecurity incidents.  

For companies migrating to the cloud, CISOs will need to focus their budgets on having cloud-aware tools (not just work in the cloud, but work like the cloud), training, and a team versed in both on-premises and cloud security. All organizations will need, at minimum, a process for reporting security gaps, and they will need resources dedicated to managing security solutions, so those reports are actioned. 

Companies will never be able to eliminate cyber risk, but we're going to see more organizations putting full-scale cyber resilience plans in place - with the resources to make them happen - to effectively measure progress and improvement. With this, we'll see the continued shift from reactive responses to cyberthreats to strategies rooted in resilience when it comes to cybersecurity. 

The time of hyper-reactive decisions, necessitated by the darker days of the pandemic, has passed, but the lessons of flexibility, transparency, adaptability and resilience remain. As cloud computing continues to see improvements in reliability, speed, and capability, more organizations will embrace - and rely on - the efficiencies and scalability it enables. 

Here's to 2023.

##

ABOUT THE AUTHOR

As Chief Product Officer, Rahul Bakshi leads eSentire’s Product Management teams to develop and execute on the product strategy. Rahul is an industry veteran who brings 20+ years of experience in cybersecurity, SaaS, cloud computing, and managed services.

Most recently, Rahul served as Senior Vice President, Product for Securonix, where they took the leader’s quadrant for Gartner’s Magic Quadrant for SIEM 3 times, launched new offerings in SOAR and XDR broadening the company’s total addressable market & competitive positioning, and worked with some of the largest security service providers to enable them to deliver MDR offerings. Prior to that, Rahul was VP Product at Alert Logic, where they grew to be a leader in Cloud Security and Security-as-a-Service. Additionally, Rahul has held leadership positions at SunGard and HungerRush with a proven track record of building and leading high-performing teams.

Rahul holds a bachelor’s degree in Biology and a Master of Business Administration (MBA) in Finance from the University of Houston.

1 Forrester, "Predictions 2023: Cybersecurity, Risk, And Privacy," Heidi Shey, Allie Mellen, Janet Worthington, Jinan Budge, Jess Burn, Alla Alente and Jeff Pollard, October 2022.