The Bar is Rising for Securing Workloads in the Public Cloud – Will it Affect Cloud Adoption?
Enterprise cloud adoption has grown significantly in the past few years, with 90% of businesses expected to utilize cloud services by the end of 2022. This spells a big boom for cloud service providers (CSPs). The global cloud computing market is currently valued at over $480 billion and will grow to more than $1.7 trillion in 2029. The growth potential is massive, but there’s a big catch.
As enterprises get more consistent with their approach to the cloud, they are becoming more security conscious. Enterprise cloud customers are starting to demand single security policy and single security workflow on top of multi-cloud support. As a result, many customers shift their cloud philosophy from an agility-first system that ignores all the rules to an enterprise computing platform that must factor in security and compliance.
Leading CSPs must recognize that although cloud adoption will continue to accelerate in the future, enterprises now will give more weight to providers that can deliver top-class security in addition to sophisticated cloud services and their benefits.
What CSPs Need to Do
Given the ubiquitous connectivity in the cloud, the network is the most efficient place to place defenses. But following the rules can’t come at the expense of the cloud’s benefits. This means two things:
- Cloud “tools” that satisfy a single need, are bound to a single platform, and require heavy management to put into production won’t work.
There are valid concerns regarding the dependability of a CSP’s network security capabilities, from vendor lock-in, misconfigurations, lack of visibility, external sharing of data, insecure APIs/interfaces, data security compliance, and more. Modern consumers want the benefits of the multi-cloud approach and don’t want to be tied to a single CSP with a rigid, generic network security framework.
- Legacy data center virtual appliances that are pre-cloud might have the network security features but fail the cloud test. As enterprises move their processes and information to the cloud, their need to store and move volumes of business data using on-premise, legacy networking devices diminishes significantly.
Modern CSPs need to develop an approach that combines the benefits of multi-cloud and the desirable security features that enterprises demand of legacy systems. In addition, CSPs need to offer enterprise consumers these security capabilities along with the cloud pedigree.
Cloud Vulnerabilities Drive Demand For Cloud-Native Security
Most enterprises started efforts in the public cloud in a distributed fashion. As many attempts to make those efforts consistent, they look to bring a proven set of security functions to bear – albeit in a cloud-native form factor.
It is imperative in today’s business landscape to achieve fast and unhindered delivery of mission-critical cloud-native applications. But as cyber threats grow ever more sophisticated, enterprises need to shift left and address all cloud vulnerabilities and risks with cloud-native security solutions designed to shield apps, resources, workloads, and data residing in the cloud.
There has been increased interest in cloud-native security due to a few critical cloud-wide vulnerabilities, most notably Log4j/Log4J Shell. In our conversations with enterprises, we note that they are looking for:
- A single workflow of network visibility, deployment of security controls, and a single security policy workload
- Low latency, high performance
- Dynamic multi-cloud policy across subscriptions
These emerging needs effectively highlight areas where leading CSPs are lacking. These flaws also provide top-rated CSPs the opportunities they need to remain leaders in the market. All they have to do is address them effectively.
- Providing enterprises a unified security policy that is implementable across different security functions (e.g., FW/IPS/WAF) for each workload
- Eliminate data path architecture limitations
- Removing control-plane limitations.
Raising the Cybersecurity Bar in the Cloud-Native Era
It’s not enough to be a secure platform. Piecemeal efforts like toolkits, narrowly-scoped security tech, and siloed third-party offerings won’t meet that bar.
Enterprises want all of the benefits of the cloud, but expectations for their ability to secure workloads have been raised. Suppose the cloud is the platform of choice for enterprise apps. In that case, organizations will need to secure those apps in the way their risk management policy dictates – which is to say that the cloud security bar is now at the enterprise level. Along with this perception is enterprise consumers’ expectation that CSPs do a better job in providing best-in-class cybersecurity.
In this cloud-native era, CSPs must take a more prominent role in cybersecurity. While this could relieve CISOs of some burden, the bulk of cybersecurity remains in their hands. CSPs have to enhance their offerings and make their security configurations workload and app-centric while leaving consumers room for customization to meet business-specific requirements and ensure adherence to prevailing industry standards and compliance policies.