The digital landscape has undergone a dramatic transformation in recent years. With cloud computing emerging as the backbone of innovation in the race for digital supremacy, Gartner predicts that global spending on public cloud services will surpass $1 trillion by 2027 and will become a “business necessity” only a year later in 2028 (Gartner, November 2023). The race to integrate artificial intelligence (AI) into cloud platforms will likely drive even more growth and innovation, says John Engates, Field CTO at Cloudflare, a cloud security company.
Imperatives in a transforming landscape
As organisations forge ahead on their path of digital transformation, leaders find themselves at a crossroads – managing the growing complexity of cloud ecosystems and defending against the sophisticated security threats that accompany them. Prioritising visibility, control, and robust, adaptable defence mechanisms will be crucial for organisations to harness the full potential of the cloud while safeguarding their digital assets. The ability to navigate the cloud landscape with clarity and confidence will separate the trailblazers from those left behind.
Unpacking emerging cloud challenges
The trend of remote and hybrid working, coupled with the continued adoption of Software as a Service (SaaS) and other cloud technologies, has been accompanied by a rise in ransomware and email phishing attacks. According to recent estimates, over 90 per cent of cyberattacks originate from phishing emails.
The emergence of AI-enhanced social engineering and phishing attacks are adding to the concern for businesses. Crowdstrike’s 2023 Global Threat Report revealed a staggering 95 per cent increase in cloud exploitation last year, resulting in severe data breaches and financial losses (Crowdstrike, 2023). A continued surge in attacks of this magnitude would be unsustainable for most organisations.
The climate of ‘hacktivism’ will likely persist, with upcoming elections and pervasive geopolitical tensions further complicating the use of cloud services. Critical infrastructure, often targeted in regional and global conflicts, remains particularly vulnerable.
In 2023, the world witnessed an unprecedented wave of distributed denial of service (DDoS) attacks, fuelled by the exploitation of the rapid reset vulnerability in the HTTP/2 protocol. These attacks, amplified by DDoS-as-a-service botnets leveraging cloud computing infrastructure, reached new heights in terms of scale, potency, and mitigation difficulty.
Organisations must also navigate an increasingly complex web of compliance, privacy, and data sovereignty regulations. These often-conflicting guidelines further complicate the cloud security landscape. Moreover, advancements in quantum computing pose new challenges to data privacy and encryption. The potential vulnerability of current encryption methods in the face of ongoing technological advancements will likely jeopardise the security of data stored in the cloud.
These are just a sampling of the threats companies face in the cloud. Compounding these challenges is the global shortage of skilled cybersecurity professionals, making it more difficult for organisations to manage diverse cloud-based risks and implement effective security measures.
Strategies for cloud security
To address the surge in threats and market pressures, organisations are acting by retiring legacy on-premises hardware appliances and embracing decentralised cloud-based networking and security models like Secure Access Service Edge (SASE) with Zero Trust security frameworks. This brings a cloud-native approach and enhances security by enforcing rigorous identity verification for every user and device, allowing organisations to establish a more granular and adaptive security posture. It also removes the management burden and eliminates the “vuln-patch-vuln-patch” treadmill many teams are on with legacy devices.
Combating sophisticated phishing attempts requires a two-pronged approach: educating users and providing robust protection. Regular security and AI awareness training, combined with advanced email filtering and threat intelligence solutions, significantly reduces the risk of successful phishing attacks.
As AI-enhanced attacks become more prevalent and harder to detect, incorporating AI into defensive security tools is key. Integrated machine learning in tools like advanced phishing protection, Cloud Access Security Broker (CASB), and Data Loss Prevention (DLP) will help organisations keep pace with evolving threats by analysing vast amounts of data, identifying patterns, and detecting anomalies in real-time.
Developers are increasingly embracing DevSecOps, integrating security into every stage of the software development lifecycle. By embedding security controls and testing into the development process, organisations can identify and remediate vulnerabilities early, minimizing the risk of security incidents in production environments. Serverless computing, when leveraged effectively, can further reduce the attack surface and mitigate potential threats. Regular security audits, potentially augmented by AI, ensure the ongoing effectiveness of these measures.
Cloud security must extend across an organisation’s entire supply chain to mitigate risks associated with third-party services. Thorough vendor risk assessments are essential to ensure a secure and compliant cloud ecosystem. Leveraging the aforementioned tools can help mitigate the risks associated with contractor access to clouds or third-party integrations compromising security.
A holistic approach to cloud security, enforcing “everywhere security”, is critical for success in today’s complex threat landscape. By prioritising security at every touchpoint, from user education and DevSecOps practices to third-party risk management and advanced security solutions, organisations can build a resilient and adaptive security posture that enables them to confidently navigate the cloud landscape and reap the benefits of digital transformation.
Cloud-driven future
As the cloud computing landscape continues to evolve, organisations must adopt a proactive, adaptable, and comprehensive approach to security. Many organisations find they are essentially building a “connectivity cloud” to bring together all the users, applications, clouds, and sources of data in their digital ecosystem. In other words, they’re adopting a cloud-native approach vs continuing to rely on outdated networking and security architectures. In addition to investments in technology, fostering a security-first culture and continuously assessing and adjusting strategies are essential for success in this dynamic environment.
The future of cloud computing is bright, offering unlimited possibilities for innovation and growth. And AI has only brought more excitement and demand for cloud. By prioritising security and implementing the strategies we’ve discussed, organisations can confidently harness the power of the cloud while safeguarding their digital assets and maintaining customer trust. The path forward may be complex, but with the right mindset and tools, organisations can master the cloud landscape and unlock its full potential.
