Cloud security faced significant challenges in 2018, as did other technological areas involving confidential data. According to an article by cloud data security provider CloudCodes, failure to adopt updated cloud storage security elements led to a number of security breaches.
The article referenced a security report, which determined the following issues responsible for cloud security failures:
- Insufficient identity, access, and credential management
- Abuse and nefarious usage of cloud services
- Insecure graphical user interface and APIs
- Shared technology vulnerabilities
- Sudden information leakage
- Advanced persistent threats
- Insufficient due diligence
- Cloud account hijacking
- Denial of service attack
- Malicious insider attacks
- System vulnerabilities
SEE: Research: As overseas business operations grow, so do concerns over cyberwarfare and cybersecurity (Tech Pro Research)
Cloud security improvements needed
Scott Matteson: What’s the primary expectation you have for cloud security in 2019?
Andrew Bunyi: First off, the average cost of a data breach will continue to soar. According to IBM and Ponemon Institute, the average cost of a data breach globally hit $3.86 million in 2018–or a 6.4% increase from just one year earlier. As the online climate grows more dangerous and as the value of critical data stored in the cloud rises, this is one number that you can expect to continue to increase in 2019 and beyond.
Scott Matteson: How will threats evolve?
Andrew Bunyi: The era of the “smart attack” is upon us. Experts agree that 2019 will mark the year where hackers and other people with malicious intentions will start to use more sophisticated techniques than ever before in an attempt to cause damage. More specifically, hackers are finally in a position to create malicious chatbots to try to trick victims into clicking links, downloading rogue files or giving away their passwords and other information. Think of this revolution as “Spear Phishing 2019.”
Scott Matteson: What about privacy? What’s in store?
Andrew Bunyi: Protected privacy will become the new normal. Due in large part to trends like the two mentioned above, 2019 will finally be the year where we start taking securing data seriously. Many experts agree that it will become something we do without thought, like paying taxes. If there’s anything good to come from the dangerous cybersecurity climate, it’s that the standard of constant privacy is one that won’t be a recommendation, but a requirement.
Also, machine learning will play a role in privacy. Also spawned in large part because of the types of negative trends we’re seeing, 2019 will mark the year where artificial intelligence and machine learning are used to create a new era of privacy preserving techniques that empower us as we try to keep our essential data away from prying eyes. We’re very close to a time where we can train computers to prioritize data security the way we do, all without compromising privacy itself.
SEE: Google Cloud Platform: An insider’s guide (TechRepublic download)
Scott Matteson: How will security measures improve for the cloud next year?
Andrew Bunyi: We’ll see a shift towards identity-based application security. 2019 is predicted to be the year when network-based security becomes obsolete and instead, we start thinking about the next stage in online security. In an era where everything is connected to and shared by the cloud, older techniques like firewalls matter less and less.
Instead, we’ll focus on application identities–protecting data within software the same way we guard information related to our own identities, and this will be a major shift in ideology for organizations all over the globe.
Scott Matteson: What do you recommend for IT professionals to focus on in terms of cloud security in 2019?
Andrew Bunyi: A big focus for IT pros in the coming year should surround the automation of security reporting and auditing. With a growing list of cloud services, at times spread across multiple providers, it can become quite cumbersome to keep track of security reporting. Leveraging IT process automation, tools like Microsoft Secure Score, and creating efficient and automated review workflows should be at the top of all our lists next year. Having this information readily available and simple to review can save time and allow for faster responses to emerging cloud security threats.
Scott Matteson: What do you recommend for end users to focus on/be aware of in terms of cloud security in 2019?
Andrew Bunyi: The biggest threat to user security still remains to be social engineering. Phishing emails have seen a resurgence, along with other attacks that rely on the social aspect of our day to day work. End users should focus on being more vigilant with suspicious emails, calls, texts, etc. When your CFO emails and asks you to wire an extra $30k into some new bank account? Maybe make a phone call to verify this, instead of starting that ACH transfer immediately. A bit of common sense will go a long way in 2019.
SEE: Vendor comparison: Microsoft Azure, Amazon AWS, and Google Cloud (Tech Pro Research)
Scott Matteson: How is cloud security spending/investments expected to change?
Andrew Bunyi: Enterprise public cloud spending increased steadily from 2017 to 2018, and this trend will definitely increase as offerings from major cloud providers become more robust and easier to navigate. Public cloud spending for 2018 was at $175B and is expected to grow 17% in 2019. About $10.7B of that spent on cloud management and security services in 2018. We expect that number to grow by at least 20% in 2019, as more companies adopt cloud offerings and warm up to cloud security offering.
While it’s certainly true that not all of these predictions are good news in the strictest sense of the term, there is still something positive to learn from–even the ones that appear negative at first glance. Collectively, these predictions illustrate how far we’ve come, where we are and, most critically, where we need to go for the safest environments possible.