Cybersecurity’s most proven innovation catalyst continues to be the many challenges of securing cloud infrastructure. The cloud has won the enterprise, dominating large enterprises’ tech stacks. The average enterprise uses 1,427 cloud services, and the average enterprise employee uses up to 36 cloud services, including platforms for collaboration and file-sharing.
By 2023, 70% of all enterprise workloads will be deployed in cloud infrastructure, up from 40% in 2020. AI and machine learning are accelerating innovation, providing new insights into threats and risks in real time. CrowdStrike’s rapid advances in AI and machine learning exemplify how endpoint security providers are capitalizing on threat data to innovate quickly, for example.
Cloud’s soaring growth creates new security challenges
The cloud’s dominance of enterprise networks and tech stacks is fueling IT’s biggest and fastest-growing market. Gartner predicts worldwide public cloud services will grow from $604.9 billion in 2023 to $1 trillion by 2026, attaining a compound annual growth rate (CAGR) of 18.24%. The fastest-growing segments of public cloud services include database management, business intelligence, security, and infrastructure-as-a-service (IaaS). Spending on public cloud security services is forecast to grow from $19.4 billion in 2022 to $48.9 billion in 2026, attaining a CAGR of 20.3%. Ninety-four percent of enterprises use cloud services today, and 75% say security is a top concern. Sixty-seven percent of enterprises have already standardized their infrastructures on the cloud.
As enterprises lift and shift their workloads to the cloud, they face greater risks of breaches, accidentally misconfigured cloud platforms, and inconsistent identity access management (IAM) and privileged access management (PAM) coverage across hyperscalers and cloud platforms. Gartner predicts that at least 99% of cloud security failures will be the user’s fault, accentuating the need for continuously training IT and security teams on the latest cloud security techniques.
More than $1.3 trillion in enterprise IT spending is at stake, and this will grow to almost $1.8 trillion in 2025. By that year, 51% of IT spending will be on public cloud services, compared to 41% in 2022. Almost two-thirds (65.9%) of spending on application software will be directed toward cloud technologies in 2025, up from 57.7% in 2022.
Why cloud security is driving innovation
“Adding security should be a business enabler. It should be something that adds to your business resiliency, and it should be something that helps protect the productivity gains of digital transformation,” said George Kurtz, CrowdStrike’s co-founder and CEO, during his keynote at the company’s Fal.Con event last year.
There is strong demand from enterprises looking to secure their increasingly complex cloud infrastructures and tech stacks. Gartner predicts enterprise spending on cloud security will double between 2023 and 2026, growing from $6.4 billion to $12.9 billion. Worldwide end-user spending on information security and risk management will grow from $167.86 billion in 2022 to $261.48 billion in 2026, achieving a CAGR of 11.1%. That demand is driving higher levels of R&D spending across cybersecurity vendors and startups.
CISOs and CIOs often collaborate on building business cases for their most challenging cloud security initiatives. This includes cases for zero-trust and multicloud security, for example.
During his keynote at Fal.Con, Kurtz explained how enterprise cybersecurity vendors are innovating faster to keep up with enterprises’ needs. He highlighted that CrowdStrike had earned the reputation of being “the Salesforce of security” due to its cloud-based architecture. This architecture brings greater UX and UI flexibility, allowing users to integrate with existing on-premises systems easily. CrowdStrike’s focus on devops and product development is evident in its track record of successful new products. Its teams evidently have the agility to quickly iterate on its platform.
In an interview with VentureBeat, Amol Kulkarni, chief product and engineering officer at CrowdStrike, said, “If you have the core infrastructure in the right place, then you can iterate rapidly and build out products much faster because the baseline is there. The second part is that we have this notion of collecting once and us[ing] multiple times. So that is based on … collecting all the telemetry in the security of the cloud and then adding additional analytics for different scenarios. So that gives us that velocity.”
Where cloud’s impact is greatest
The digital transformation initiatives George Kurtz spoke of in his keynote at Fal.Con Last year are examples of the new business initiatives requiring CISOs and CIOs to rethink how they implement cybersecurity as a team. New SaaS applications, legacy on-premise applications that integrate into hybrid cloud configurations, multicloud, and the lack of IAM support across different hyperscalers all increase attack surfaces.
Many emerging technologies are being fast-tracked to market to help enterprises deal with the exponentially increasing number of attack surfaces. Protecting all forms of identities is critical today, as they’re under siege. The reasons include growing gaps between operational technology (OT) and IT systems; fast-growing Internet of Things (IoT) networks and numbers of endpoints; and the need to protect supply chain touchpoints with self-healing endpoints.
CISOs’ and CIOs’ future careers will depend on how well they orchestrate these technologies, including SaaS applications, to drive revenue. SaaS application-based revenue is expected to grow at a 9% CAGR between 2020 and 2023 to a value of $60.36 billion. The global SaaS market is valued at around $3 trillion and could surge to $10 trillion by 2030.
Gartner’s latest Security Radar provides a valuable framework for evaluating the contributions cloud is making to cybersecurity in general and zero trust specifically. Gartner identifies six core themes driving cloud-based cybersecurity innovation:
- Securing cloud service usage
- The expansion of attack surfaces
- Identities as the new security perimeter
- Adoption of new approaches to cybersecurity, designed to deliver the consolidation CISOs are asking for in their tech stack, with SASE, XDR and other technologies being used for this purpose
- The use of the same technologies for new delivery models
- Security automation, including hyperautomation, and AI, which have the potential to alleviate the chronic worker shortages many enterprises are facing
AI and machine learning are filling a critical cloud security niche
Global spending on AI in cybersecurity is estimated to grow from $12 billion in 2020 to $30.5 billion by 2025. Enterprises and the cybersecurity vendors serving them continue to invest heavily in AI and machine learning. The goal is to make sense of massive amounts of data and deliver dependable insights.
Numerous early successes in AI have involved identifying sophisticated security risks by running behavioral analysis on files before they are run or after they have been executed. Using AI and machine learning to detect anomalies helps speed investigation by linking and combining related notification signals. This augmented detection fortifies alerts by automatically determining what additional data is necessary for an investigation and collecting, normalizing and visualizing that data before the actual investigation begins.
Enterprises will often use AI-based security operations apps and platforms to create playbooks that define the most effective deterrence and risk mitigation steps, depending on what has been successful in the past at defining cloud-based threat surfaces. Artificial Intelligence scans and either recommends or, in more trustworthy situations, instantly executes the next steps, thus saving the analyst the time they would have needed to figure out these stages. Leading vendors in this market include BluVector, CrowdStrike, Cybersec, Cyware, Exabeam, LogRhythm, Rapid7, ServiceNow, Siscale (Arcanna.ai) and Stellar Cyber.
Behind CIEM’s rapid growth
Cloud infrastructure entitlements management (CIEM) helps identify incorrectly configured access rights and permissions on cloud platforms while enforcing least privileged access. CIEM’s rapid growth is attributable to the increasing complexity of configuring multicloud, hybrid cloud and private cloud configurations.
CIEM systems flag and alert risks or inappropriate behavior and use automation to change policies and entitlements. The current generation of CIEM platforms manage access rights, permissions and privileges for the tens of thousands of identities that rely on a multicloud environment, enforcing the principle of least privilege. This helps to identify and avoid risks resulting from excessive permissions.
CIEM also pays off in cloud configurations by providing visibility across all permissions assigned to all identities, actions and resources across cloud infrastructures and enforcing least privilege access to reduce access risks.
Leading CIEM vendors include Authomize, Britive, CrowdStrike, CyberArk, Ermetic, Microsoft, SailPoint, Saviynt, SentinelOne (Attivo Networks), Sonrai Security and Zscaler.
Scott Fanning, senior director of product management and cloud security at CrowdStrike, told VentureBeat that the company’s approach to CIEM enables enterprises to prevent identity-based threats from turning into breaches because of improperly configured cloud entitlements across public cloud service providers. “We’re having more discussions about identity governance and identity deployment in boardrooms,” he told VentureBeat during a recent interview. CrowdStrike’s key design goals include enforcing least privileged access to clouds and providing continuous detection and remediation of identity threats.
Greater reliance on diverse cloud infrastructure drives innovation in expanded CNAPP
Several leading cybersecurity vendors have taken on the ambitious goal of improving their cloud-native application protection platform (CNAPP) capabilities to keep pace with the new complexity of multicloud configurations in the enterprise. Vendors with CNAPP on their roadmaps include Aqua Security, CrowdStrike, Lacework, Orca Security, Palo Alto Networks, Rapid7 and Trend Micro.
CrowdStrike is the home of one of the most noteworthy developments in this area. The CNAPP capabilities of CrowdStrike’s Cloud Security include new CIEM features and the integration of CrowdStrike Asset Graph. The latter offers a way to get an overview of cloud-based assets and better understand and protect cloud identities and permissions using both CIEM and CNAPP. With these two tools, enterprises can gain visibility and control over which and how users are accessing their cloud-based resources.
CrowdStrike’s Fanning told VentureBeat that the company’s approach to CIEM enables organizations to prevent identity-based threats resulting from improperly configured cloud entitlements across public cloud service providers.
XDR quickly becoming core to cloud security’s future
Extended detection and response (XDR) is a cloud-based threat detection investigation and response (TDIR) platform that integrates, correlates and contextualizes data and alerts from multiple security prevention, detection and response components. During VentureBeat’s interviews with CrowdStrike’s customers at Fal.Con last year and Palo Alto Networks’ customers at Ignite ‘22, we found that XDR is gaining traction particularly in the financial services, insurance and professional services industries, which are known for the complexity of their cloud-based infrastructures and tech stacks. Leading cybersecurity vendors offering XDR platforms include CrowdStrike, Microsoft, Palo Alto Networks, TEHTRIS and Trend Micro.
XDR platforms such asCrowdStrike Falcon, Cortex XDR and Microsoft 365 Defender use data from various sources to provide a unified, 360-degree view of all alerts, events and potential risks captured by an enterprise’s telemetry data. Nearly all such platforms rely on AI and machine learning to process data, detect anomalies and deliver insights to security teams, most often on a cloud-based unified cloud platform. Leading XDR providers, including CrowdStrike, also support open APIs for integration and streamlining automation at scale. XDR platforms are being used to further deliver consolidation options to CISOs who want to reduce costs and improve visibility by having fewer cybersecurity apps deliver more value.
CISOs and CIOs tell VentureBeat XDR is gaining traction with IT and security departments that don’t have the time or resources to integrate diverse applications that can extend beyond endpoints and want to gain real-time visibility and control using telemetry data. One of CISOs’ most common complaints is that existing security systems are not equipped to store log files for an extended period. CrowdStrike’s’ acquisition of Humio is considered a step toward solving this issue, indicating a prescient move toward XDR’s future. IBM’s acquisition of Randori, Elastic’s of Endgame and SentinelOne’s of Scalyr reflect how critical XDR is to cybersecurity vendors’ cloud security roadmaps and strategies.
Digital transformation initiatives redefining enterprises today require CISOs and CIOs to rethink how they implement cybersecurity as a team. New SaaS applications, legacy on-premise applications that integrate into hybrid cloud configurations, multicloud, and the lack of IAM support across different hyperscalers all increase attack surfaces. Shrinking attack surfaces with the new, innovative cybersecurity technologies are core to any enterprise’s revenue growth and future.
The more enterprises shift their workloads to the cloud, the greater the risk of breaches and loss of sensitive information. To meet these challenges, new ways of protecting cloud infrastructures and endpoints alongside traditional strategies for data center security are essential. Gartner predicts that more than $1.3 trillion in enterprise IT spending will shift to the public cloud by 2025.
By investing in new products, asset management solutions and automation, enterprises can reduce the risks associated with moving IT workloads to the cloud while maintaining compliance and visibility into operations.
The post The cloud’s growing impact on cybersecurity appeared first on Venture Beat.