3 Phases of Current State of Cloud Security

If you are building a Cloud Security Program Roadmap this article is for you to understand the Current State of Cloud Security Market ?? in 2024 - atleast the Customer side

There are 3 Phases to the kind of Cloud Security Challenges at the?moment in the market and they are driven by how divided the market is in terms of Cloud Adoption.

?? The division ranges from companies who have not moved into any public cloud, all the way upto?companies who have been using 1 or more public cloud for a few years now.

1?? Phase 1?- For companies who have never been in a Public Cloud

?? Challenge?-?Asset Management with visibility of the cloud through understanding of the Assets/resources or compliance/regulatory requirement in their future public cloud.?

Things to look out for in Phase 1- Keeping an eye on any?the current Proof of Concept running in a public cloud will become production if it supersedes?expectation from the?project.

2?? Phase 2?- For companies who have been in 1 Public Cloud for 1-3yrs

?? Challenge?- Asset Management and Compliance Visibility is available but complex especially if your organization is using complex forms of compute e.g Container, Kubernetes, Managed services from your public cloud instead of building your own server.?The 2nd challenge for security at this stage, will be the decision making between using the public cloud provided services (more economical) or buying a 3rd party service for security (expensive in some cases comparatively) in public cloud to get a grip on the cloud security alerts.?

Things to look out for in Phase 2- If you don't have complex compute e.g you only use virtual servers from the public cloud you work in don't get bought into buying a CNAPP when a good enough CSPM would suffice the stage you are at. Don't get me started me on Agent vs Agentless (that's for another day from me)

Buying a Ferrari when a Toyota could do just fine

3?? Phase 3?- For companies who have been in more than 1 Public Cloud for 1-3yrs

?? Challenge?- The challenge at this stage is usually getting visibility cross multiple cloud providers with each having their own labeling, APIs, amount of native services consumed from each cloud provider.?Having an understanding of the Assets/resources or compliance/regulatory requirement and kind of compute and what kind of security products address which problem of the multi-cloud space are the data to be tracked to make sound long term security decisions in these companies.?

Things to look out for in Phase 3- Most likely you have a CNAPP in your organization and possibly also a wall of red alerts that someone has to go through. At this scale, the security teams role is where most of the gotchas are. Providing the alerts to SOC teams so the appropriate level of alarms can be raised while Cloud Security team work on long term remediation (this linkedin poll?is also helpful here)

Overall the Cloud Security Market is tracking these 3 Phases. You can go into more details if you like but broadly this is the current state of the Cloud Security market.

Question for you - yes you! - Did I miss anything in stating the current state of cloud security?

Looking to build a Cloud Security Program Template? - you might find this Linkedin Course helpful as the over 1500+ CyberSecurity Leaders who have gone through this so far.

Do you know someone working in Cloud Security? Do Re-Post or tag them in the comment so they can share their experience here too.