Trends of Cloud Security

Trends of Cloud Security

The discussions on current trends, growth, and scope of cloud security, and its importance in enterprise. In a recent interaction with the editor of siliconindia, Rohan Vaidya, Regional Director, India & SAARC, CyberArk, shared his insights about the importance of cloud security. Rohan emphasised on the importance of evolution, different models, and implementation of cloud securuty.

Cloud Security in 2023

2023 seems to be like a year where most of the companies or most of the large enterprises are in the midst of their cloud journey and there is a lot of focus in terms of cloud adoption, and especially with a large enterprise it’s more of a multi-cloud environment.  One of the primary areas which people would work is to start a journey for sun setting a lot of their on-prem applications and start adopting a lot of new technologies or new areas in the SaaS applications, and wherever it is not possible, they would do a little of lift and shift, they would start getting into a development which is more on DevOps part of the development.

It seems that in the Indian scenario, there is a new wave of new technology adoption which seems to be coming in play.  With that comes a larger challenge, which is the vulnerabilities in the disruptive technologies or the newly adopted technologies which is still not known, and you will see a lot many challenges, incidents which may happen on the newer technologies which people are going to adopt.  That seems to be the kind of challenge, or that could be trending in the New Year.

Ransomware will continue to be there, and it is getting more intelligent, it seems to be getting more mature so that’s going to continue under lateral movement within the organization especially for the ransomware seems to be the other trend which is there.  The third piece that we see is a lot of conversations on the OT devices or IoTs, IIoTs which are also kind of catching up, that is another threat landscape that you would see which attacks happening on the critical infrastructure or the IoTs, IIoTs devices which are there.

These are three trends which I would see which seems to be at this point of time which would dominate 2023 in the threat landscape.

Impact of Different Environments on Security Policies Cloud Security Implementations and Enterprises

Over a period of time the security framework is changing but then they aren’t really changing at a speed at what most of the large organizations are adopting technologies around it.  There is a gap in terms of what the security guys… traditional security guys want and what the business wants in terms of the technologies implemented.  There is a gap in terms of what’s really happening.  The newer technologies are again… not everything is under the purview or under the understanding of what the CIO, CCOs, know about it.

A lot of times the technologies get adopted or free versions are being used by the developers and that is what these guys… then the security guys understand that this is being used and then it is a catch-up game for them to be able to secure those technologies which they are using.  One of the things which is moving very strongly as an advocacy or as a learning for a lot of the large organizations is, is the shift to the left, which means that you start talking to the developers, starting talking to the business users who are using technologies and make them aware of the challenges of the technology… using this technology there could be cyber threats and start implementing security in the beginning or at the design stage ,so that it kind of gives a much better effect on the security posture of the organization as you go along.

Growth and Scope Of Adoption of the Enterprise Cloud Scale

Post COVID, it seems to be that every organization… every large organization including the BFSI segment, private national banks that we have seen are very actively adopting cloud technologies, and they adopt in two or three different ways.  The first easiest way for them is the most adoptable part is the SaaS technologies.  Any service or any product that we are using, if those vendors are expecting them to move to SaaS or are offering a SaaS product on the existing product which they have, the migration is something which most of these organizations are welcoming. Moving to a SaaS based service, gives them multiple advantage, one is the management of that product… it’s more a vendor management and there is a single point of control from a security as well as the operational part which goes on the SaaS.

Secondly most of the SaaS products are built in such a way that there is a lot of thought and an investment which has already gone at a design side for the security perspective.  It’s fairly safe for organizations to use SaaS products, and then of course the financial benefit for SaaS product is in terms of a better ROI, a better, faster implementation and a true up, true down kind of the licenses.  That kind of gives them better acceptability.  That is the first part of acceptability which is there.  The second part of the acceptability is building products which are microservices based on the cloud platform.  Anything which could be hosted on the cloud platform are products which they are wanting to buy.  That’s the other part which the organizations have been using, and the third is to sign up for the cloud service providers, and most of the large organizations we have seen, they have a multicloud strategy where they would have one of the cloud providers as their primary service providers but they would from a business continuity perspective will bring in the other 2-3 cloud providers and then that is something which works well for them in terms of dividing the loads, having not just redundancy but redundancy from a technology perspective, redundancy from a geography perspective.  Those are areas which we have seen people really doing it.

A few of the early adopters or one of the fastest moving seems to be in the Azure space where Office 365 is a product which most of the customers are quickly moving on to and that is their first step for the cloud journey.  We have seen a lot of marketing campaigns, marketing instances being hosted on AWS which also is a good confidence building activity for organizations moving to cloud because they would look at it as a less critical activity, activities which require a quick ramp up, ramp down, more from an availability perspective to do certain things with the prospect customers and could have a lesser impact if those services are disrupted.  Those kinds of quick adoptions which we see.  But looks like in India, the state of mind for most of the businesses and technology community cloud seems to be the future.

Infrastructure of Cloud Computing and its Different Models

What seems to be in India are the public clouds which typically the AWS, Azure, GCP which are doing quite well in terms of the infrastructure cloud environment which is available.  They have invested, all these companies have invested into India data centers which makes a very big difference in terms of the new data privacy law which we are going back and forth in terms of the introduction, but  primarily for Indian organizations to feel safe and feel comfortable is to have an India data center and all the cloud loads which post their data are within the national territory, something which these organizations have understood and they have invested.  Private clouds which are there, which are more vendor specific like IBM would have a cloud; IHP would have a cloud; Oracle has a cloud, SAP has a cloud and these are more of product based clouds which a lot of the organizations have already invested working on that, which again deep investments, good availability of resources to manage those clouds., good partner environment is kind of enabling these things to happen, and then there are companies like us who have built our product on SaaS platforms which is again what we have… one of our leading products which is privilege cloud and most of our other products I would say or all of our current offerings are SaaS based products and we host them in India on India data centers.  Those are things where the organizations are kind of adopting, looking at it and working it looks like there are the traditional large enterprise organizations which are on a journey.  The digital native companies, born in the cloud are completely focused on adopting only cloud technologies.  We have seen RFPs coming out saying that if it is not a cloud technology don’t even bid for it.  There is a new community of cloud workers I would say who have started coming in play where certification is one of the primary drivers for these people.  So a cloud engineer or a cloud architect, gets more reviewed or would get his job more on the number of certifications and the level of certifications for different technologies that he has achieved rather than his basic academic background that he comes from which was a part of the traditional IT recruitment process that if he is a CS engineer or he is an engineer from this institute with so many years, now it’s how many certifications, which technologies, how complex implementations, how complex industries he has worked with is a new trend for hiring which is coming up now.

Vulunerabilities and Evolution of Cyber Security

With a lot of incidents happening within the different domains every organization understands that they are constantly under attack. When you are under attack, it is every time there is an attack in whichever part of your organization or whichever domain of your organization, you have to be defending and winning every single time. It just takes once for the bad guy to win and that is something which becomes a larger challenge from a high level, every organization, all the senior leaders including the board members understand that this is going to be the way of life in terms of this constant threat and attack are going to be there.  At the same time, navigating through these tough times and tough waters is very important in terms of how do they proactively identify the different vulnerabilities? how do they keep their teams and themselves understand as to what are the newer areas that they can quickly adopt to newer framework for security which can be adopted, and which can be effectively used.

The other part, which is becoming more important that, security is no longer a silo play. CyberArk is the only technology that if we work in silos, we would not be able to give a better ROI or a better security posture to the organization. Most of the organizations now work as team, especially with CyberArk we have something called as C3 Alliance where we integrate more than 1,000 odd technologies from over 217 partners - where we are able to integrate with multiple technologies so that each of these benefit from the CyberArk capabilities; and that in a way helps large organizations from their environment to onboard those technologies on to CyberArk and get a protection in terms of privilege access management or extend that to the identity security space.