How leaders can restore visibility and control

Digital clouds against a blue background.
(Image credit: Shutterstock / Blackboard)

Last year, it was evident that cloud computing played a significant role in shaping business transformation. Recent Gartner forecasts predict spending on global public cloud services alone will exceed $1 trillion by 2027, reflecting its growing importance. The integration of artificial intelligence (AI) into cloud services, a key focus at AWS re:Invent 2023, is driving innovation and growth while introducing challenges related to security and compliance.

This leaves leaders navigating both the rising complexity and sophistication of security threats, and looking for ways to gain visibility and take back control over increasingly complicated cloud ecosystems.

The dynamic nature of cloud security necessitates the adoption of more flexible and resilient defense mechanisms to protect against threats in a constantly changing environment.

John Engates

Field CTO at Cloudflare.

Emerging challenges in cloud security

The continued remote and hybrid work trend and adoption of Software as a Service (SaaS) and cloud technologies are no surprise, but the increase in ransomware and email phishing attacks has spurred a growing need for more robust security measures to safeguard these distributed business assets.

We also witnessed an unprecedented wave of distributed denial of service (DDoS) attacks in 2023, driven by the discovery and exploitation of the critical rapid reset flaw in the HTTP/2 protocol. These incidents set new records for the scale of DDoS attacks. Additionally, DDoS botnets harnessing the power of the cloud computing infrastructure amplified the potency and complexity of mitigating these attacks.

A climate of hacktivism will likely continue into 2024 and beyond. Elections and geopolitical tensions add further complications to the use of cloud services, especially when critical infrastructure becomes the go to target in regional and global conflict.

The emergence of AI-enhanced social engineering and email phishing is concerning as well. The impact of social engineering attacks led to significant compromises and data loss in 2023 and Crowdstrike's 2023 Global Threat Report, noted a 95% growth in cloud exploitation.

Meanwhile, advancements in quantum computing, which intersects with a complex mix of new compliance, privacy, and data sovereignty regulations (which often conflict) brings challenges in meeting security and compliance requirements. The efficacy of current encryption algorithms could put the confidentiality of data stored in the cloud at risk in the face of future advancements.

Managing such a diverse set of cloud-based risks and the security measures meant to mitigate them, has become increasingly daunting amid a persistent talent shortage in security, amplifying the knowledge gap.

Strategies for enhanced cloud security

These surges in threats and market pressures have prompted organizations to embrace decentralized networking and security models such as Secure Access Service Edge (SASE) and implement Zero Trust security frameworks to enhance user and data security in the cloud. This ensures rigorous identity verification for every user and device attempting to access cloud resources, irrespective of the network architecture.

Integrating advanced phishing protection, Cloud Access Security Broker (CASB), and Data Loss Prevention (DLP) has proven pivotal too. The focus has to be on user protection and education, equipping users with knowledge and tools to upskill in detection and response to counteract threats. AI will likely be needed in security tool stacks to help keep pace with the threat of AI-enhanced phishing and social engineering attacks. For developers, there’s been a pivot towards the integration of security into every stage of software development (DevSecOps). Streamlining and automating security processes enhances transparency and manageability, while regular audits ensure the effectiveness of security measures against emerging threats and identify any neglected areas of cloud infrastructure e.g., unsecured APIs.

Cloud security must also be integrated across an organization's supply chain to mitigate risks associated with third-party services throughout the lifecycle of cloud-based applications. Advanced cloud security solutions, such as cloud workload protection (CWP), cloud security posture management (CSPM), and cloud infrastructure entitlement management (CIEM), will offer comprehensive protection and permissions across cloud environments.

The path forward

For organizations to thrive in this future of cloud computing, establishing a security-centric culture is essential. This involves championing a mindset where security is interwoven with every aspect of operations, thereby safeguarding assets, data, and customer trust. As technological advancements continue to redefine the cloud computing landscape, the necessity for dynamic and fortified security strategies becomes paramount, particularly to counter AI-powered threats and safeguard against the exploitation of cloud infrastructures.

Achieving better control over cloud operations will facilitate the rapid adoption of new technologies, the implementation of effective security policies, and swift responses to emerging threats, all while optimising resource allocation and reducing redundancy. However, navigating the complexity of cloud systems and the paradoxical challenges posed by management tools requires a proactive, vigilant approach and the utilization of more unified, adaptable security solutions.

The convergence of strategic leadership, a committed security-first culture, and advanced technological solutions will be crucial in mastering the cloud computing domain. This comprehensive approach not only ensures robust defense mechanisms against an evolving threat landscape but also solidifies an organization's capability to lead with confidence in the digital transformation journey.

We've featured the best online cybersecurity course.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

John Engates is Field CTO is Cloudflare.