The Evolution of Cloud Security and Privacy Technologies
In the last two years, organizations have accelerated digitization and cloud transformation to offer customers digital services from anywhere while balancing requirements for cyber resilience. Security and privacy technologies have advanced to a new level to allow for such a rapid shift to the cloud.
We'll go over three of the study's most important findings in this article.
Despite the hurdles, employing multi-cloud
Organizations are still using hybrid clouds (a blend of cloud and on-premises workloads), but most of them want to use more than one cloud platform. In order to make use of the finest technological features available on each cloud platform, 29% of respondents said they preferred multi-cloud implementation. Organization A, for example, employs Amazon Web Services (AWS) for its infrastructure as a service (IaaS), Microsoft Azure for its office utility services (SaaS), and Google Cloud Platform for its business analytics platform (BaaS) (GCP). Instead of relying on a single vendor, this company developed a best-fit technology mix based on its own capabilities, high availability needs, and currently in-use technological compatibilities.
It's hardly surprising that the most frequently cited rationale for a multi-cloud strategy, avoiding vendor lock-in, is the second most frequently cited reason (21 percent). Increasing portability and flexibility without being tethered to a single cloud platform is something that organizations want. Some firms are willing to give up unique vendor features to make their software more scalable.
?A regulatory obligation to avoid cloud concentration risk accounts for the remaining sixteen percent of the justifications for implementing this method. Over-reliance on a single service provider to support critical business services is a concern for regulators, who want to avoid any negative impact on the cloud service provider (CSP) that could significantly harm their business.
Multi-cloud challenges
Multi-cloud skill availability is crucial (26 percent). Multiple cloud platforms require tech-savvy workers. Other skills challenges include understanding architectural differences in many cloud platforms (22%) and managing security policies (18%) across a large array of services and products on different cloud providers. The next problem is getting a full view of all resources, governance, and risk across different cloud platforms and on-premises (20 percent).
?With more public suppliers, developers must keep code consistent across platforms and interface points. Automating security testing during continuous integration, code development, and containerization reduces risk.
One-third favor private clouds.
Private cloud (30%) is a favorite among hybrid cloud, public, and on-premises deployment options. Data residency, data sovereignty, and local legislation are key reasons to choose a private cloud.
领英推荐
Privacy by Design deployment and maturity lagging
Two-thirds of firms (65 percent) are either creating or planning to implement privacy by design strategies, with only 8 percent having a fully developed strategy in place. Even though stricter privacy requirements have been in place for three years now (ex: the GDPR in 2014, the Central Consumer Protection Authority (CCPA) in 2020), enterprises have been increasing the pace of their implementation.
Regulatory compliance is the most mature category of data privacy by design. Over the years, national and international rules and regulations have had the greatest impact on privacy enforcement. Data discovery and governance, according to most survey participants, have not yet attained maturity (60 percent). Given that governance and oversight are major concerns for multi-cloud adoption, this looks to be an area for improvement.
In the next two years, Zero Trust, AI/ML, and serverless will grow.
With the constant advancement of cloud computing, there are a few technology principles that are clearly influencing enterprises as they intend to deploy in the next two years. Zero trust (60 percent), AI or machine learning (43 percent), and serverless computing are the most influential concepts (42 percent).
Zero Trust
In the pandemic era, perimeter-based security control was wiped out by remote working and greater use of online enterprises, which emphasized zero trust, the principle of "trust no one, verify everyone." Nearly half (45 percent) of the firms are planning to build zero trust architectures, and more than a quarter (28 percent) have already done so to some level. At the time the study was written, zero-trust concepts had only been fully implemented in 8 percent of cases, which showed a lower level of maturity for the concept.
Zero trust's "network" domain had the highest level of maturity in terms of domain maturity. Network-based trust formation has been a well-established strategy for many years, so the rationale for its maturity is obvious. Contracts, laws, and policies are the next mature domains after "policy," as these are the primary means by which businesses build trust with one another and within themselves. It's still early days for newer strategies like "identity-based trust" and "data-centric trust" to mature.
Machine learning (ML) and artificial intelligence (AI)
As the COVID pandemic enters its second year, many organizations are still grappling with the epidemic and its effects. Automated systems powered by artificial intelligence (AI) and machine learning (ML) have emerged to attain operational excellence, cost efficiency, and business resilience.
It has been used to monitor anomalies, analyze user behaviors, detect malware, and prevent cyberattacks in the cyber security area by using AI/ML technology. Machine learning models are being used to search for threats, produce security intelligence, and reduce false positives in the fight against cybercrime.
Serverless Computing
The increasing use of cloud provider services like AWS Lambda, Google Cloud Functions, Azure Functions, and others has led to the popularity of serverless computing. There is no need to establish a virtual server, an operating system, or web hosting with serverless functions. As the financial and resource benefits of serverless continue to expand, so has the acceptance of containerized application deployment. Security teams are concerned that serverless scripts and container images are not yet mature enough to be built securely.