In the aftermath of the pandemic, companies are determined to enhance operational efficiencies and rapidly move to the cloud. Whether for new initiatives or to replace existing systems, traditional IT solutions are being redeployed to the cloud. This growing preference for “cloud first” has been termed by Gartner as “cloud shift.” According to Gartner’s latest IT spending forecast, the amount spent on cloud system infrastructure will reach $81 billion by 2022 (from about $63 billion in 2020). Additional data indicates that, of organizations currently using cloud services, 70% plan to increase their cloud spend.
Disruptive Innovation: New Opportunities and Next-Generation Solutions for Cloud
Given the increasing proliferation of cloud strategies, we are now at the cusp of creating a foundation for new opportunities and next-generation solutions to define the future. Trends we are likely to see:
- Alignment of individual cloud decisions with organization goals: Developer-led organizations are innovating rapidly, more cost-effectively and with increased independence as they build new products and services to keep up with competitive market conditions. These organizations are looking beyond short-term benefits and investing in a cloud foundation to increase competitiveness, so as to accommodate technologies such as artificial intelligence (AI), advanced data analytics, IoT and edge computing.
- Workflow agility: Instead of aiming for a perfect final product, an agile methodology relies on short, rapid iterations in the software development process. DevOps, which governs the testing, security and deployment of software, is now increasingly constructing tool sets based on cloud computing models. These models enable both automation and repeatability of the entire development process, reducing errors, shortening response times and enhancing speed to market.
- Purpose-built security deployment: Increasing cloud adoption means that the DevOps and infrastructure teams are leveraging microservices for their cloud applications. Therefore, more entities within production and the application lifecycle need to be protected. Cloud native development, which includes a combination of virtual machines (VMs), containers, Kubernetes and serverless architectures, has different security requirements and hence requires a purpose-built approach to security.
- Shift left and automation: Shifting left means moving security up in the development process, thereby placing emphasis on prevention over detection. Here, tests are conducted earlier, achieving continuous testing and continuous deployment.
As cloud adoption moves forward, emphasis must be placed on cloud security to prevent unauthorized access to data and applications deployed to the cloud.
Best Practices to Adopt a Secure Cloud Strategy
We are in the midst of a new era of cloud, with multi-cloud strategies, provider independence and enterprise agility, where cost optimization will be crucial. Below are cloud security recommendations for enterprises opting to make a cloud shift.
- Consider a comprehensive cloud native security platform: The first step is to consider a “cloud smart” approach, one that balances an organization's goals with business value. Along with the explosion in cloud adoption, there are several unmanaged risks that need a comprehensive solution that offers Cloud Security Posture Management (CSPM), a Cloud Workload Protection Platform (CWPP), microsegmentation and Cloud Infrastructure Entitlement Management (CIEM).
- Enforce granular and uniform visibility, compliance, governance and risk management: This is essential for handling sensitive information, as it helps automate data governance. Enterprises must ensure granular and uniform policies from a single control point for all the organization’s cloud applications. Granular visibility shows which actions users are taking within cloud apps, allowing for anomaly detection.
- Ensure your security provider is fully API-enabled for automation: APIs have changed the game with regard to the manner in which we communicate and transfer data. Hacked APIs, however, can make enterprise data extremely vulnerable. Securing every single API by hand is expensive and cumbersome, so API deployments should be secured automatically.
- Prioritize CSPM to ensure infrastructure and workloads are configured properly: CSPM must extend into the development process to monitor and fix security issues automatically and protect sensitive data against misconfigurations, with no overhead configuration costs. CSPM is useful for businesses that have multi-cloud platforms, as it is interoperable. It helps proactively consolidate possible misconfigurations, mitigate risk, prevent data leakage and create a transparent platform for information relay.
- Address the requirements of protecting cloud workloads, including server workload protection, container security and serverless security capabilities: A CWPP refers to a workload-centric security solution that includes physical servers, VMs, containers and serverless workloads. With organizations having to grapple with legacy infrastructure, migration to the cloud is not always easy. Add to this the fact that they are often coping with a fragmented environment that is multi-cloud and hybrid. These changing workloads can introduce increased risk – but it can be mitigated through CWPP.
- Enforce permissions and secure identities across workloads and clouds: While migrating from on-premises deployments to using cloud-based services, identity management becomes more complex. It is therefore imperative for organizations to implement robust access management policies, ensuring that privileges are role-based and monitored.
- Have the ability to enforce identity-based microsegmentation: Microsegmentation is an emerging security best practice that allows security architects to segment the data center into separate zones. Security teams then leverage this zone approach, establish controls and deliver services for each unique infrastructure segment to enhance an organization’s security defense.
It is clear that the cloud shift is here and now, presenting both an opportunity and a risk for IT leaders. We’ve put a lot of thought into how we can help, and we believe that’s part of why Palo Alto Networks was named as the recipient of the 2020 Asia-Pacific Cloud Workload Protection Solution Vendor of the Year by Frost & Sullivan as one of its Best Practices Awards. Learn more at our webinar on Feb. 23, “2021 Cloud Security Trends.”