A September Selection of Data
Welcome (officially) to fall, which is unofficially known as "would you hurry up and get to winter already because we all have hay fever and we're sick of sneezing" in my house. Yeah, it's too long to say so we just say "bless you" instead, but we all know what we mean by it.
But that also means I spend a lot of time indoors seeking out surveys and research to share with you all. And boy do I have some varied data for you this month!
I would be remiss, of course, if I didn't chime in on the Cisco-Splunk acquisition, which should surprise absolutely no one. I've been singing the security-is-converging-with-observability song for nearly a year now, and find this to be the existential manifestation of that trend. In fact, I have to ask, who is next? Splunk wasn't the only player out there, and there are a lot more #security companies that need an observability platform. And a lot of enterprises out there need it because their observability capabilities are not as robust as they need to be to operate as a successful digital business. According to New Relic 2023 Observability Forecast the top observability capabilities deployed are:
Still, like #AI, I don't want you to get so fixated on one deal or AI that you miss all the other goodness going on in the market. So let's get on that John-Deere and harvest us some data!
Cloudy with a chance of Security
Cloud shadows (pun intended) just about every other technology and trend. Kinda like AI right now, isn't it? Hmmm....
So I found this HG Insights | Cloud Gaming Market interesting. Now, it says that "in the next two years, the cloud gaming industry is projected to grow by over 300%. Obviously this is a huge opportunity because as a gaming company grows, it needs a ton of cloud “infrastructure” to handle traffic – and protect both its assets and its player base." This is absolutely true. GeForce Now already delivers quite the gaming experience, but there's rumors that all the major gaming companies are moving toward "cloud gaming." Which means lots and lots of infrastructure and app delivery and security and ... hardware. You know, like GPUs from NVIDIA. Oh yeah, cloud gaming is bigly business. So if you don't have that use case on your checklist, add it. Because it's a good one.
So it predicts $76B global spend on cloud security and, get this, "an evolution toward dynamic, just-in-time, short-lived authorization for specific actions based on machine learning from historical access patterns and resource sensitivity." Okay, so this is basically saying "Zero Trust applied to API-like interactions." This did not require significant research or analysis. All the AI in the cloud is supported by APIs. Results in Databricks 2023 State of Data + AI backs that up, finding the number of companies using SaaS LLM APIs has grown 1310% between the end of November 2022 and the beginning of May 2023. The reason that's important is because APIs are authorized on a per-transaction basis. It's one of the more significant differences from application security, which generally applies authorization on a per-session basis. So given the rise of AI, and that's it's likely to be cloud-based for a majority of customers, this seems fairly obvious.
Speaking of cloud security and authorization, Strata offers us its State of Multi-Cloud Identity 2023 in which cloud is mentioned in two of the three top challenges faced by CISOs and practitioners today:
This survey also found that only 41% of respondents were able to consistently apply security policies across multi-cloud properties. I found that interesting because we've (that's the corporate F5 we) have identified this same challenge for like the past ten years in our annual research. This one is ripe for solving, doncha think?
领英推荐
Well, some think #passwordless is the way to solve at least part of this problem, such as Enzoic, which brings us The State of Authentication 2023 ?
Who are you?
From this report we get some spooky stats that belong in a horror-themed October newsletter: a combined 47% of cyber attacks were focused on password credential vulnerability, using password spraying, credential stuffing, and brute force attacks. And why shouldn't they? Nearly 70% of organizations are still relying on username and password combinations for their employees.
Yes, just usernames and passwords. That's why it's so scary because seriously, attackers are honed in on account takeovers these days and to rely solely on username/password credentials is scary as heck! I get at least one "click here to reset your password, ignore this if you didn't request it" e-mail a week. Which means attackers are actively surfing the web looking for accounts to put in their baskets.
The good news is that while 19% have no plans to phase out passwords, 65% plan to phase them out in the next 1-5 years. Gooder news comes from that aforementioned Strata report, because 26% are spending more on passwordless in the next year. So that's a good thing - at least we're starting to move toward something that might frustrate attackers and give us some room to breathe.
Of course, the attackers will eventually adapt, but at least it'll be harder and more expensive to take over accounts.
Onward, October!
Welp, that's it for September. I really don't know what October is going to bring, but I'm sure there will be more security and cloud and AI related data to fill your trick-or-treat basket. Especially security, because October is cybersecurity awareness month.
Now did you ever wonder why it is that cybersecurity awareness happens during spooky month?
Things that make you go ... hmmmm.
Until next month, steer clear of the pollen and stay safe out there!