Notwithstanding Weakness in Various Sectors of IT, Cloud Security Remains on a Roll


Posted on by Robert Ackerman

Despite all the hoopla about substantial progress in artificial intelligence, underscoring a huge step forward in the digital arena, challenges remain in the IT world. Look no further than big layoffs at a number of their biggest players. In just the first four weeks of this year, nearly 100 technology companies, including giant companies like Meta, Amazon, Microsoft, Alphabet, TikTok, and Salesforce, have collectively let go of roughly 25,000 employees.  

This followed the layoff of more than 262,000 in 2023 at nearly 1,200 technology companies. In addition, technology companies were widely expected to cut IT security in other expenses in a bid to further reduce costs.

But something funny subsequently happened on the cloud security front. Their initially proposed spending cutbacks turned out to be fundamentally non-existent. Last year turned out to be one of significant cloud security spending, as was the case in previous years, and 2024 is widely expected to follow suit.

The lesson is that some things in the IT universe are extremely important and some are not, and when hard times pop up, spending priorities get a harder look.

Marketing and sales, for example, are important to stir growth, but less important when customers feel compelled to spend less. In the case of cybersecurity, on the other hand, unscrupulous hackers commonly steal Social Security numbers from corporate computer systems, grab passwords from social media sites and even manage to confiscate intellectual property. This can ruin relationships with customers and place companies in significant legal jeopardy.

Meanwhile, enterprises have come to markedly prefer cloud security over on-premise data centers.

Cloud computing offers enterprises more reliability, scalability and flexibility, removing the hassle of maintaining and updating systems. Moreover, cloud security, while hardly perfect, is often more secure than data centers because cloud providers typically have more resources for keeping data secure and patching vulnerabilities more quickly. Cloud providers also embrace encryption more often.

According to Fortune Business Insights, the global cloud computing market grew to $588 billion in 2023, up from $495 billion in 2022, and is expected to continue to grow at a compound annual growth rate of at least 15 % annually in coming years.

Also propelling growth is the explosion of remote workers, who work at least part of their week at home and usually have less security than they would if they worked inside corporate settings. While office attendance has rebounded substantially since the Covid-19 pandemic, this hardly means today is like it once was. Instead, remote work has given way to hybrid work (a combination of in-office and remote work) and is widely expected to stay this way.

Surveys show that American workers now go to the office an average of roughly three-and-a-half days weekly. Only 37 % go to the office daily.

None of this should suggest that cloud security has no pitfalls. For years, cloud service providers have treated cloud security risks as a shared responsibility.  Corporations often made the mistake of believing that the responsibility of cloud security automatically shifted to the cloud provider. Customers also falsely assumed that they could use the same password for every software-as-a-service account they had, without ill effect. 

The upshot was that a number of substantial clients, including Accenture, the global professional services company, and cloud giants such as Amazon and Microsoft, got whacked with data exposure. This situation has improved, albeit not entirely, and, meanwhile, increased compliance requirements, hybrid and multi-cloud complexities, and a lack of skilled practitioners have prodded some organizations to slow their cloud adaptation strategies.

Ultimately, the outlook for cloud adoption indisputably remains bright, in part because cloud purveyors today have been busily adopting consolidated platforms to break down silos by wrapping IT, operations, and cybersecurity departments into one common platform. Cloud purveyors are also strengthening themselves by embracing ever more automation, especially in DevSecOps, Zero Trust, and AI-driven threat detection.

Regarding the concentration of silos, sizable cybersecurity companies such as Palo Alto Networks, Zscaler, and Cloudfare have moved into this space. This makes it easier for select CIOs and CISOs to sleep at night, knowing that their eyes are better focused on all their traffic and workloads – and hence more secure.

Then there is the heightened advantage of automation. In the case of DevSecOps, demand for new applications had been increasing so rapidly that apps were being produced faster than new security controls – a so-called “pace gap” and a recipe for a breach. Fortunately, companies have been responding to the pace gap by incorporating security automation into their production lifecycle, thereby guarding against potential hacker exposure and improving efficiency.

Meanwhile, the Zero Trust Model has gained prominence in the context of trends for security in cloud apps, operating on the principle of “trust no one, verify everything.” Users are continuously authenticated and authorized, ensuring that only legitimate users gain access to sensitive data. Also increasingly entering the picture is AI-driven threat detection, serving as the safeguard of sky-high data vaults. AI algorithms continuously analyze massive amounts of data to identify anomalies and potential breaches to stop threats in their tracks.

The long-term goal of all these steps is obvious: Transforming an organization’s focus from reacting to security incidents to proactively strengthening its security posture. This way, leaders spend less time managing day-to-day problems and more time enhancing the value of their business – exactly the way it should be.


Contributors
Robert Ackerman

Founder/Managing Director, AllegisCyber, AllegisCyber Capital

Cloud Security

zero trust cloud security Cloud Infrastructure Artificial Intelligence / Machine Learning business continuity & disaster recovery Hackers / Threats risk management DevSecOps

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.


Share With Your Community

Related Blogs