Nobody doubts that the importance of the cloud will continue to increase. But what will happen with cloud risks, and what will happen with cloud security? What should companies prepare for in 2022? We took a closer look at the forecasts from analyst firms and evaluated them. Looking at the predictions of market researchers, too loud computing in general, and cloud security in particular, there is no getting around the new work models such as hybrid work.
Hybrid Work Further Increases Cloud Risks
“The pandemic has undoubtedly accelerated the transformation of work and remote work,” says Sabrina Schmitt, IDC’s senior consultant, and project manager. Seventy-nine percent of the companies are planning a new or changed workplace model, 36 percent of them a mixture of being present at the company location and remote work – i.e., a hybrid workplace model. Office centricity is passé in this country as well. Eleven percent even want to give up their office space entirely and are pursuing a purely virtual approach. Or flexible work on the go, in the home office, in the classic office, and at a shared desk (desk sharing), cloud services are indispensable as the basis of the digital workplace.
Of course, this also applies to the year 2022. In the coming months, awareness will increase that hybrid work requires more security for end devices and secure connections and more sophisticated identity and authorization management for the cloud services used. With hybrid work, not only will the IAM solution increasingly come from the cloud, but conversely, the cloud services need IAM functions that map everything that has also been regulated in the on-premises IT and would also have cloud-specific permissions.
Cloud Structures Are Still Too Complex
Also, the next point that will affect cloud security in 2022 is a continuation of the challenges that have already started this year and before. Because of the increasing use of the cloud, this problem is also getting bigger, namely the cloud complexity. According to the Digital Trust Insights 2022 study by the auditing and consulting firm PwC. Eighty-five percent also say the same about the cloud environments used.
Relationships with suppliers are also complex in some cases: around a third (32%) of managers in Germany have little or no understanding of the IT and software risks in their supply chain. The relationships with sub-service providers are also opaque for 30 percent of those surveyed and with providers of cloud solutions (29 percent). As is well known, ambiguities and a lack of transparency are the ideal breeding ground for errors and security gaps, such as shadow IT in cloud services and faulty cloud configurations. Therefore, companies urgently need transparency in their cloud structures and supply relationships.
Cloud Strategies Are Still Incomplete
Until now, the cloud has only been an element of information technology. In the future, it will be the central component and the dominant design principle, according to IDC. Therefore, organizations must quickly align their cloud strategies and IT infrastructure to prepare for a future of integrated IT landscapes in which a complete abstraction of hardware, automation, networking, cloud-native, colocation, and edge computing play a central role to play.
Certain emerging cloud developments should be examined from a security perspective: 80 percent of those surveyed by IDC use different cloud types, with the hybrid cloud clearly being the dominant model. The companies usually focus on a hyperscaler or infrastructure provider with whom they gradually deepen their cooperation.
A second hyper scale is being considered or evaluated to be able to benchmark or to be able to use services on a selective basis. Only very large companies pursue a strategy that includes multiple hyperscalers. But that means organizations need to focus less on multi-cloud security and more on hybrid-cloud security. However, this is no simplification, as it seems that only the on-premises IT and a cloud provider have to be taken into account in the security concept.
Instead, this means a greater dependency on the security of the chosen cloud provider as part of the shared responsibility: the cloud security of the chosen provider has the highest priority. In addition, additional cloud security solutions must be selected and configured for the cloud service of choice. In the future, it will therefore be less about managing the various cloud security functions in multi-clouds and more about precise control and monitoring of the cloud provider of choice, of one’s cloud security tasks ( shared responsibility ), and on-premises security. This must also be considered in the concepts for cloud availability and reliability.
Security By Design Can No Longer Be Missing In The Cloud.
The cloud is a critical factor for next-generation digital business. According to IDC, application modernization and development for and in the cloud are increasing enablers of high speed, flexibility, and agility. Companies have a comprehensive tool set of solutions, processes, and methods with DevOps at their core. Mastering this complex situation is anything but trivial.
One of the biggest risks is holes in the security chain. Although many different security tools are available to companies with Cloud Native and DevOps, and many solutions available on the market are clear evidence of the complexity and diversity of the topic, they are not used extensively. But security by design obviously cannot succeed, not in the cloud and the applications developed in the cloud. Companies must therefore promote using suitable security tools for development and cloud development.