Cloud environments and the security, privacy, and governance controls required to safeguard them are now arguably the top priorities for most chief information security officers (CISOs) and other executive-level stakeholders.
President, Cloud Security Alliance
No matter their current stages in the race to cloud, both private and public entities quickly pivoted to leveraging these services to support robust and often far-reaching remote workforces during the pandemic. As a result, they realized the many benefits of relying on them: from reduced IT costs and improved uptime, to increased agility and elasticity, to DevOps-friendly environments, according to recent research from the Cloud Security Alliance (CSA) and AlgoSec.
With these reasons to move more organizational workloads to the cloud, spending on cloud services has not only grown exponentially during the pandemic, but will keep on rising as we now endeavour to return to some sense of normalcy.
Approximately 70 percent of organizations currently leveraging cloud services plan to expand these investments as we attempt to move on from COVID-related disruptions, according to forecasts from research firm Gartner. Additionally, IT spending overall is shifting focus to cloud. This trend is expected to persist all the way through 2024, Gartner finds. And I’m betting we’ll see sustained spikes well after.
Securing the cloud
Cybersecurity and IT teams’ somewhat meteoric shift of focus to cloud — especially in the past year or two — is triggering yet another head-spinning challenge: A demand for more cloud- and cloud security-focused expertise on their teams.
According to Burning Glass Technologies, a labor market analytics firm, the second-fastest growing cybersecurity skill needed over the next five years is cloud security, following on the heels of application security development. It turns out that taking on the new and ever-changing demands of managing and securing their digitally transforming infrastructures (which now also sees the C-suite eyeing strategic business initiatives aiming for robust post-pandemic growth) is emphasizing the requirement to adapt more nimbly. And this, of course, necessitates growing and steady investment in cloud, cloud security, and cloud auditing training and education.
All the while exacerbating this is the intensity and volume of varying cyberattacks being successfully launched at government and private entities alike. Just think Kaseya, SolarWinds, the Colonial Pipeline, the Microsoft Exchange mass cyberassault, the recent misconfigured AWS S3 buckets that compromised residents’ data in more than 80 U.S. towns, the poisoning of a Florida-based water utility by means of a cyberattack … the list goes on.
Optimistically, there’s an increasingly positive association between cloud technology and cybersecurity, according to a recent survey by industry analyst firm ESG, “2021 Data Protection Cloud Strategies.” Approximately 90 percent of the IT practitioners responding said that cloud computing actually has enabled their organizations to better and/or more cost-efficiently safeguard their data assets.
Nevertheless, due to the complexity of managing cloud services alongside some of the legacy systems on which many companies still rely, establishing and continually updating related cyber resiliency strategies that touch on these and still other needs is proving not only an individual corporate requirement but also an industry-wide necessity. It’s therefore imperative for private entities, a range of government agencies, and other industry bodies like us at CSA to actively and persistently engage, partner, and share intelligence and guidance.
To help illustrate this, our global, vendor-neutral non-profit has more than 400 international corporate and cloud-service-provider members, some 100,000 individual members, over 100 chapters worldwide, and a bevy of research working groups coming together to proliferate security controls, assessments, research assets, training/education programs, professional certificates, professional networking/learning events, and so much more.
We’ve partnered with the likes of:
- Center for Internet Security
- PCI Security Standards Council
- National Institute of Standards and Technology
- Cybersecurity and Infrastructure Security Agency
We’ve also partnered with other non-profits like the International Consortium of Minority Cybersecurity Professionals and Women in Cybersecurity, and additional industry groups to share knowledge, advice and best practices on how to safeguard our growing and far-reaching cloud infrastructures today and in the future.
Now more than ever, there is an overwhelming C-suite focus on cybersecurity. That once-missing seat at the table is firmly in place, with IT decision-makers engaged with other executive leaders on a number of tactical and strategic business initiatives. There’s much to be done. We all have our parts to play, and together we can take on the urgent call to protect our new and transforming digital landscape.