Research from Forrester forecasts a 17.6 percent rise in the global spending on securing the cloud; with an increased estimate of public cloud platform native security (PCPNS) spending which is forecast to total US$ 5.2 billion (£4 billion) by the end of this year. By 2023 that figure is expected to exceed US$ 9.7 billion (£7.5 billion) and the global cloud security solutions market a whopping US$ 12.7 billion (£9.75 billion).
This despite the fact that only 12 percent of breaches currently target public cloud environments. Forrester predicts that as the value of the content stored within these clouds continues to increase so the number of cloud targeting cyber-attacks will also rise.
Speaking to SC Media UK, Jennifer Adams, a senior forecast analyst at Forrester and co-author of the Cloud Security Solutions Forecast report, suggested the biggest growth driver for this rise in spending is increased adoption PCPNS. "Enterprises are increasing their spending on security services provided by public cloud vendors, such as AWS and Microsoft Azure" Adams says, continuing "this is the fastest growing segment in our forecast with 19.0 percent compound annual growth expected over the next five years."
Enterprises are continuing to move their workloads to the public cloud, leaving security and risk professionals with the challenge of ensuring sensitive data remains secure. "While public cloud was once viewed as a potential source of risk" Adams added, "security and risk professionals increasingly trust the public cloud providers as partners." Indeed, according to the latest Forrester Global Business Technographics Security Survey, improved security was cited as the top reason to move to the public cloud by security decision makers.
More money to secure data is never a bad thing, unless it is spent unwisely that is. So, what should the security budget priorities be for enterprises moving to the cloud? SC Media UK put that very question to a number of industry experts. First up is Nathan Britton, manager for the application and cloud security practice UK at NTT Security. He says that many of the breaches NTT Security has seen are down to a lack of understanding of the cloud shared responsibility model (CSRM) and basic misconfigurations. "As a result" Britton says, "organisations are looking at increasing spending on cloud specific training and awareness programmes to enhance their own IT staff’s capabilities to build defences against any potential security breach and reduce the risk of exposing customer data by unnecessary misconfigurations."
Pascal Geenens, Radware's EMEA security evangelist, thinks that cloud workload protection (CWP) and in particular cloud security posture management (CSPM) should be top of mind when considering the migration of applications to the public cloud. "The attack surface of the public cloud is determined by access permissions" Geenens points out, continuing, "and as such it is of the utmost importance to keep a strict least privilege policy."
Joseph Carson, chief security scientist and advisory CISO with Thycotic, agrees that with a cloud-first approach "privileged access management (PAM) becomes crucial for companies carrying out the transition to the cloud so they are able to prevent unauthorised access which can be supported with multi-factor authentication and vulnerability assessment services." Aaron Zander, head of IT at HackerOne, would also start first with identity. "It’s important to define who and what an employee is into a central cloud-based location" he told SC Media UK, adding "tools like Okta, Google Cloud Identity and Azure AD are all good ways to start."
Then there is the visibility issue to consider. "Having recently conducted research to quantify the threats cloud environments face every single day" Matt Boddy, a security engineer at Sophos, says "I can tell you that visibility needs to guide cloud security investment." That Sophos research found each internet facing device receives 13 breach attempts on average per minute, according to Boddy, and set of 10 honeypots received over 5 million login attempts over a 30 day period.
High on the spending priority list is securing containers for Glen Pendley, senior vice president of engineering at Tenable. "Containers and new cloud instances can be spun up and down in a matter of minutes" Pendley says "this means security teams need to assess applications in the pipeline, before they hit production." Certainly containers and Kubernetes orchestration are booming as a cloud technology, but Dave Allen, vice president for Western Europe at Palo Alto Networks points out these are all too often insecure by default. "Even with AWS, Azure and Google doing much of the heavy-lifting for managed container services" Allen told SC Media UK "there is still security work for enterprise consumers of public cloud services to address." Nearly half the enterprises that Palo Alto Networks investigated permitted traffic from any source to their Kubernetes pods according to Allen who concludes "this is a vulnerability that must be closed down."