Cloud computing is the adoption in the present and coming years. There’s a classification of public, private, and hybrid clouds and then an ever-growing list of technologies using some variations of cloud classifications and as-a-Service delivery models.
It is hard to keep up with the opportunities surrounding every new innovation that strike the market. It’s difficult to stay on top of the present challenges—particularly the security issues facing the variety of cloud computing solutions available in the market.
1. Ransomware, cybercrime & cloud security
Cloud computing enables anytime, anywhere access of information from centralized datacenter repositories. The underlying resources are not always controlled by the customers and vendors are responsible for managing vulnerabilities. On the other hand, users of cloud computing are expected to keep data safe against cyber threats such as ransomware that use social engineering ploys to access and control sensitive data stored in data centers.
Two factors have contributed to cloud data centers becoming popular targets of ransomware and crypto-mining:
- Lack of security awareness among users
- Inadequate visibility and control into cloud infrastructure
Cloud computing exposes data on three fronts:
- Data at rest: data stored in data centers
- Data in transition: data transfer across the network
- Data in use: data processed in servers locally or in the cloud
To reduce the risk of data leaks and ransomware attacks, organizations must secure data access and enable end-to-end encryption.
2. Lack of cyber laws, consensus & privacy awareness
Governments around the world have called for stringent measures that guarantee cloud security for business customers and end-users. The 2018 UNESCO Internet Governance Forum event is one example, but a global or regional consensus remains rare. Security, access violations, intellectual property rights, and resilience against cyberthreats is perceived differently across the world, so global companies are forced to comply with diverse regulations accordingly.
Uncertainty and diversity affect cloud security even more, due to the geographic diversity of data center locations and the users accessing them. Furthermore, privacy awareness among users drives demand for transparency, whereas customers of cloud computing resources may have only limited visibility into the underlying security performance of the cloud infrastructure.
3. DevSecOps and SDLC in the cloud
DevOps is growing in popularity as an SDLC framework that enables rapid releases of high-quality software products with lower risk and waste processes. DevOps adoption requires automation and infrastructure management solutions delivered as a cloud service. The process itself must be simultaneously fast and secure.
The approach of integrating and automating security tasks within the SDLC process is called DevSecOps, where the people and technology involved in the pipeline actively contribute to the full lifecycle of the software products. Security must be integrated within the process itself, and not as an additional layer of checklist items that can be automated.
4. Cloud security investments & industry trends
The (public) cloud computing industry is expected to grow by 17% YOY to reach the $266.4 billion mark in 2020, among other cloud trends. The global cloud security industry is following a similar growth trend, increasing by 23.5% CAGR to reach the $8.9 billion mark by the end of this year. Global events have reshaped the way technology companies work, with further increased cloud adoption—and the associated underlying security risks.
According to McAfee, enterprise use of cloud solutions increased by 50% between January and April 2020. At the same time, external threat actors increased by 630%. The report also points to cloud-native security considerations as critical for enterprise workloads operating in the cloud. In response, certain tasks must be automated, such as:
- Cloud security administration
- Configuration management
- Other manual processes
5. AI as a Solution?
Of course, automation alone is not sufficient to combat the security risks associated with cloud computing. Business operations in the enterprises and software products operating from the cloud are largely data driven. Automated configuration management and infrastructure operation changes must account for contextual behavior of the IT environment and business requirements. This is where intelligence plays a key role and technologies such as AIOps are becoming increasingly popular in the ITSM space driven by cloud computing and security challenges.