Extra tags: cloud securityCloud Data
by David Chan, Managing Director, Adnovum Singapore
Cloud adoption continues to be an integral part of a firm’s IT infrastructure as we head into 2023. We are witnessing how businesses are tapping upon cloud-based services and infrastructure to scale new sources of revenue and market share growth.
In Asia Pacific, 75 percent of businesses surveyed reported that their public cloud infrastructure security remained a serious concern. The reason: cloud adoption outpacing security development.
This calls attention to the increased risks of hacks and losses as more vital operations are increasingly involved with cloud-centric services and infrastructure. For enterprises and institutions alike, we foresee a series of developments that will shape their cloud journey in the year ahead.
1. Cloud Security as an Extension of General Cybersecurity
As more businesses integrate elements of their services, data and workflows in cloud environments, general cybersecurity protocols will be re-evaluated to reflect the primacy of cloud-based business units. To ensure businesses can operate more resiliently in 2023, a top-down centralized approach to cybersecurity posture and IT infrastructure could be in the cards.
A 2022 study by Thales noted a 7 percent year-on-year increase in the adoption of a centralized cybersecurity model — with cloud security policies being defined by security teams rather than individual cloud delivery teams. It is reasonable to anticipate a year-on-year increase in a centralized cybersecurity model as more aspects of business become cloud-centric.
One general misconception worth addressing is the presumption that cloud security is solely the full responsibility of the cloud service provider. Cloud service providers are not necessarily privy to or obliged to a customer’s internal systems or workflows. Organizations will need to take the onus and invest in best practices for cloud security – such as complying with data protection regulations and minimizing the after-breach effects with adequate security planning.
2. Cloud Management: Centralized Visibility for Cloud Systems
Knowing is half the battle. It is critical to get and maintain detailed insight into all processes for data breach prevention. And when there's not one, but multiple cloud infrastructures, the complexity escalates.
In 2023, we believe that organizations will put greater emphasis on improving the visibility and observability of their cloud infrastructures. Capabilities that improve situational observations, real-time visibility, and engage with potential threats will be highly valued. This will put organizations on a higher vantage point to detect potential threats at the earliest, and take the necessary measures.
3. Growing Appeal in Multi-Cloud Environments
As businesses adapt to operational needs, legacy infrastructure, and evolving customer behaviour, better means of connectivity are sought-after and prioritized. This is where multi-cloud environments come in — ticking the boxes of flexibility and practicality to the existing needs of a business.
Heading into 2023, we think more organizations will respond by deploying multi-cloud security approaches to protect valuable data, assets, and fortify everyday applications. This could be realized by automating end-to-end security processes and maximizing threat detection, and incident-response processes. Firms with the capabilities to connect security data for more accurate analysis will serve in greater service for a business’s cloud security strategies. Solutions that can synchronize security tools and help businesses in their cybersecurity workflows will be more positively received.
4. Embedded Zero-Trust as The Starting Point
Zero-Trust — a principle of ‘never trust, always verify’ — has risen in prominence as the security posture to protect systems, valued data, and networks. The signs are promising. Gartner projects over 60 percent of organizations to embrace Zero Trust as a starting point for security by 2025.
Moving forward, Zero-Trust will serve as a foundational principle for business continuity by fortifying IT networks and influencing how and where information can flow or be accessed. We anticipate more granular designs of backend Zero-Trust architecture that limits the network connections of individual identity access privileges, which helps contain the spread and depth of damage in the event of a cybersecurity breach. Cloud products and services with a Zero-Trust principle embedded within its design and functionality would grow in appeal and use.
5. Heightened Awareness by Everyday Individuals
Humans continued to be the biggest vulnerability to an organization’s cybersecurity fortress. Sophisticated social engineering and psychological loopholes are growing in frequency as means to exploit human’s weaknesses and conduct more malicious activities. This cat-and-mouse game of cybersecurity deterrence has ramifications for businesses.
Cyber-competence is no longer an afterthought. We think organizations will double down on existing security protocols, incidence-response measures, and information confidentiality to protect their business operations and reputations. There will also likely be an uptick in internal cybersecurity audits and risk-assessment consultations, as businesses continue to invest in cyber resilience and reduce the losses from attack incidences.
The cloud offers exciting opportunities and flexibility, but also comes with increased complexities. Only by focusing efforts on instilling the right cybersecurity measures will organizations thrive in the cloud era.
