2017 was another great year for the public cloud. This year we saw many enterprises migrate into the cloud for the first time. We also saw businesses take the plunge and embrace cloud-first and cloud-only approaches to IT.
In the first half of this year alone, the worldwide public cloud services market grew 28.6 percent with revenues of $63.2 billion, according to IDC.
Companies have decreased their spending on traditional system deployments to fund their cloud migration activities. Indeed, the “big three” providers in the IaaS market—Amazon Web Services, Microsoft Azure and Google Cloud Services—have undergone explosive growth. Their revenues have increased 40 percent per year since 2011, according to Gartner. Gartner also forecasts 300 percent growth for IaaS between 2016 and 2020.
Growth is good, and will bring many changes to the cloud industry. But not all changes will be good, especially when it comes to security.
Let’s take a look at five cloud security trends I believe we will see in 2018.
1. Hackers will follow the money straight to the public cloud.
As more companies migrate to the public cloud, hackers will follow.
Getting a hold of a valuable database or source code is a lot more profitable than stealing individual credit card numbers. Valuable data now lives in cloud environments and hackers know that the security around the cloud is still iterating and optimizing. This makes corporate cloud environments irresistible targets for hackers.
In 2017, we saw how simple S3 bucket misconfiguration could spell disaster for massive companies like Verizon and even the United States military. 2018 needs to be the year where cloud security professionals learn from those mistakes and master best practices that will keep their information secure.
Cloud security will be a war fought on many fronts. New computational models like containers and serverless computing and a growing roster of cloud-native services such as databases, data warehouses, load balancers and DNS services are leaving behind traditional security tools like host firewalls and gateway network firewalls. Meanwhile, built-in security controls such as network security groups, virtual networks and identity and access management (IAM) are shifting the defense perimeter. Customers will need to understand and use the built-in controls effectively, or they will find their data exposed and vulnerable to attacks.
2. State-sponsored attacks
If you look at the large hacking campaigns that took place this year, many of them were aimed at privately owned companies as opposed to nation-owned assets like infrastructure, energy facilities, military capabilities or political party servers. But 2018 could be the year this changes.
Increased cyber terrorism is more of a guarantee than a prediction. The cloud and the petabytes of data it holds are just too alluring a target for politically minded attackers. But targeting the servers of the organizations that provide essential services (water, power, financial, etc.) to a country is not the only way to create chaos.
Today, damaging private institutions via cyber-attacks can be just as destabilizing as going after an electrical or sewage system. As the popularity of the cloud grows, the list of hackers’ targets does as well. We’re in the middle of an age where a few lines of code can be just as devastating as any explosion.
When governments recognize risk, they increase regulation. The cloud is becoming more valuable—and therefore riskier—to powerful nations every day. Cue the legislative response.
GDPR is just the beginning. Mark my words, by the time 2018 becomes 2019, cloud computing will be at least twice as regulated as it is today.
4. The cloud will be safe, but its users won’t be
IaaS, generally speaking, is the safest computing platform in history. AWS, Azure, GCP, Oracle and all the other main providers have made sure of that. Their server farms are physically protected like fortresses and their firewalls are like something out of Dante’s Inferno.
The security problem is the users. Human error is the number one cause of security breaches in the public cloud. These errors come in two primary forms:
Misconfiguration and human error. Too many S3 buckets were found unprotected this year. This is completely a human error issue. Cloud networks, especially at scale, can be lethally complicated. But with the variety of third-party security and configuration tools out there today, there really is no excuse for misconfigurations.
Falling for phishing attacks. Yes, these still work and that’s why in 2018 we will likely see an increase in the amount of private information being sold on the Dark Web. The days of ‘win a vacation’ schemes may be behind us, but even pros still fall for amateurish gambits.
These perpetrators are counting on you to be relaxed and open to a stupid mistake – but don’t be.
5. Money problems
Cryptocurrency is becoming particularly vulnerable to cyber threats.
Crypto, although anonymized and decentralized, is not stupid-proof. Bad configuration and weak protection could lead to a lot of empty wallets, especially as the success of operators like Bitcoin attracts more casual users who aren’t prioritizing security.
In one incident this year, $78 million disappeared from NiceHash’s user wallets. The scary thing is how little that number seems to push users toward putting security first.
In the coming year, it’s likely we’ll see more services getting compromised that use both crypto and traditional currencies. Security is everyone’s problem. If you plan on investing, invest securely.
6. AI-powered solutions
Information is simultaneously the most powerful weapon and greatest hurdle for cloud security professionals.
The number of data sources that provide security context seems to increase every day. These include cloud-native, time-based events from CloudTrail (VPC flow logs, etc.), threat intelligence feeds and geo databases. The data provided by these sources is crucial to assessing and addressing security concerns, but the human brain alone is ill-equipped to comb through all this information and determine what is and is not useful. The solution to this problem is artificial intelligence.
Finding the proverbial “needle in the haystack” to detect intrusions early and make sense of attacks after they occur requires the ability to automatically discover suspicious patterns. While security information and event management systems (SIEMs) provide event correlation capabilities, they lack the security context of a cloud environment.
Any security tool that doesn’t reduce the information overload burden and expects customers to find security issues themselves will be inadequate. Users need tools to help them digest the massive amounts of data that can cause cognitive overload.
To put it simply, we’re reaching the point where we need computers to protect our computers.