Post banner
Cloud Security 4 Min Read

Establishing a 2021 Cloud Security Strategy

In early 2020, organizations were already moving quickly towards the cloud before the COVID-19 pandemic put their journey into fifth gear. How fast is cloud migration happening? According to Synergy Research Group, global spending on cloud infrastructure services grew 33% in Q2 2020 over the same period in 2019 to $30 billion

Similarly, a recent IDC report indicated that the COVID-19 pandemic is further accelerating the speed and scale of developing digital-native business applications and services as organizations prepare to survive in the post-pandemic world. By 2023, more than 500 million new logical applications will be created — equivalent to the number of applications created in the past 40 years. IDC expects the installed base of container instances to grow at a 62.1% CAGR from 2019 to 2023.  

The business benefits of cloud and container utilization are clear: improved flexibility and agility, lower costs and faster time to market. However, while businesses are increasingly seeking the business growth and innovation opportunities that cloud adoption provides, many are discovering it comes with a slew of new security and compliance challenges.

In fact, the recently published Verizon 2020 Data Breach Investigations Report found that cloud assets were involved in just under a quarter of all security breaches last year. 

In 2021, security organizations will need to execute on a cloud security strategy that enables significant workplace transformations, to include an increasingly remote workforce. Moreover, there’s a growing importance on maintaining customer trust and confidence for companies delivering cloud based apps and services, especially when it comes to a company’s ability to secure critical systems and sensitive customer information. A major security incident or breach can result in significant financial penalties and/or irreparable damage to a company’s brand and reputation.

Thus, companies must maintain consistent security observability across all attack surfaces, regardless of how they change over time, but striking the right balance between technology enablement and security will be challenging.

With more applications and data moving to the cloud, cybercriminals will certainly follow. So, as your team puts together its 2021 security strategy, cloud security and compliance needs to be a top priority. To help ensure your cloud security strategy is future-proof, make sure to consider the following:

  • Cloud services (shared responsibility): Before you start working on your cloud security strategy, make sure you understand exactly where your own responsibility lies. Cloud providers operate on a shared responsibility model. Generally speaking, this means that cloud providers secure their infrastructure against attack, but customers are responsible for ensuring security and compliance for the workloads running on that infrastructure. Check your contract carefully.
  • Containers: Many in IT mistakenly assume that containers are inherently more secure than on-premises data centers or hyperscale cloud. But containers aren’t security tools; they’re DevOps tools for deploying and managing apps at scale. These benefits are leading to increased container adoption. However, as we’ve seen before, security can often be overlooked during times of rapid change. Security teams will need to take a close look at how their organizations are adopting containers to ensure that container security best practices are being followed. 
  • Avoidable risk: Misconfigurations and human error account for 95% of cloud breaches, so preventing these kinds of mistakes should be a top priority. IT operations and security teams alike will benefit from investing in tools for detecting and correcting misconfigurations. Additionally, if properly implemented, machine learning can go a long way towards automating this process to provide a higher level of accuracy than is possible with manual configuration.
  • Compliance: Especially if you are in a multi-cloud environment and moving applications and data between different providers, it’s important to ensure that your organization remains in compliance with applicable regulations, such as PCI, HIPAA, SOC 2, GDPR, CCPA and local laws governing data sovereignty. Compliance must be part of your considerations for cloud security in 2021.
  • High value skill sets: Cloud security is a different beast from on-premises security and requires a different set of skills to do it well. Unfortunately, both cloud and security skills are in high demand, making it difficult to hire and retain talent. Conduct a skills inventory and make a plan to fill any gaps. 
  • Staff augmentation: As noted earlier, hyperscale cloud environments have a different set of security requirements from those that many IT operations and security teams have grown  accustomed to. Therefore, relevant skills may be in short supply. But beyond expertise, securing and ensuring compliance in a cloud environment can be a complex and cumbersome task. Working with outside experts to offload some or even all of your cloud security responsibilities can save money, strengthen security and enable IT operations and security teams to direct internal resources to higher-value projects. 
  • Machine learning-based automation: ML will have an unparalleled impact on cloud security in 2021 as resource constrained security teams seek to reduce human-intensive triage work. Primary usage will be associated with baselining normal behavior and automating event and alert correlation to uncover suspicious activities. By packaging related security activity together, ML algorithms can apply relevant context to alerts concerning security and compliance related  issues, anomalies, and non-compliant changes to the infrastructure and application stack. As a result, security teams can reduce operational costs and allocate more of their time and resources towards threat hunting and remediation efforts. 

The role of the cloud and container utilization will significantly grow in 2021 and beyond, as the speed of migrating to hyperscale environments continues to accelerate. 

Without a sound cloud security strategy, organizations will increase their risk profile as they increase their cloud consumption, opening themselves up to potentially devastating attacks and breaches. 

A strong cloud security strategy paired with advanced technology solutions and trusted security partners will help ensure organizations can take advantage of the many unique capabilities and benefits  of modern computing environments without incurring additional and unacceptable risk.

Download our latest ebook to learn how Threat Stack can help you future-proof your cloud security strategy: Navigating the knowns and unknowns of cloud security