Cloud transformation has become a strategic advantage for many organizations, providing convenience, cost savings, and near-permanent uptimes as compared to on-premises infrastructure. At the same time, the move to the cloud has also increased the attack surface, resulting in an uptick in criminal activity targeting cloud environments. As we roll into 2023, fears about a potential recession and a corresponding desire to cut costs are renewing the urgency to move to the public cloud.
For organizations to successfully secure cloud environments, they must understand the critical risks that can be exploited by attackers to infiltrate cloud environments. As with legitimate activity in the cloud, attackers continue to evolve their approaches, so the challenges faced in 2023 will be different than those faced in 2022 and prior. Here are my top 2023 predictions:
Multicloud environments will continue to compound security challenges
Multicloud offers numerous benefits from avoiding vendor lock-in to reliability, agility, and cost-efficiency. The downside of multicloud is that it dramatically increases complexity—particularly regarding security. The number of services available from the top three public cloud providers (AWS, Azure, and GCP) will surpass 1,000 from 750 today. In an effort to embrace agility and innovation, infosec teams will need to find ways to support these news services as soon as they are available. This will drive enterprises to invest in automated tools that map new services to security and compliance frameworks like NIST, CIS, and others, as those services are made available.
Securing developer environments will become the most critical component
The continuous growth and diversity of application deployments are creating an extensive attack surface for malicious actors. We have seen SolarWinds, Kaseya, and Spring4Shell experience cybersecurity incidents and Log4j demonstrated how many organizations can be impacted due to software vulnerabilities. Securing developer environments will become one of the most critical components for organizations in 2023.
DevSecOps tool sprawl will begin to consolidate
According to Gartner, of the organizations that have implemented a DevSecOps pipeline for cloud security, "these organizations have manually stitched together DevSecOps with 10 or more disparate security tools— some old and some new— each with siloed responsibility and view of application risk." Recognizing the overhead with managing so many tools, and the challenges with achieving consistent policies across cloud providers and services, InfoSec teams will increasingly standardize on broader platforms such as Cloud Native Application Protection Platforms (CNAPP) at the expense of point products such as CSPM, IaC scanners, and CWPP.
Focused approach for data protection
Monitoring and protecting sensitive data across multicloud environments is an unsolved problem for many organizations. When production workloads are moved between multiple public cloud environments, it becomes difficult to track data or access permissions. In 2023, organizations need to adopt new toolsets, new mindsets, and a greater effort to detect, classify, and enforce policies to secure sensitive data. Data protection must be at the center of every cloud security strategy to avoid increasingly high-profile, complex cyberattacks and data breaches.
Do more with less
The current economic climate is pointing toward a trend of tighter budgets in 2023. To combat this challenge, leaders will be consolidating tools, processes, and expertise with a more collaborative approach considering common security denominations across cross-functional teams. It is expected to be ROI focused to boost efficiency and reduce complexity. Essentially, do more with less.
Cybersecurity hiring will continue to remain a challenge
Cybersecurity hiring will continue to remain a challenge heading into 2023 leading CISOs to focus even further on improving the efficiency of their teams. One of the best ways to drive efficiency is to ensure that teams are focused on the most impactful activities at all times. Risk-based prioritization will drive efficiency improvements, allowing teams to meet their goals despite a lower-than-expected headcount.
How to stay safe in 2023
Based on our experience of investigating attacks and related incidents, security leaders need to focus on the following tactics and techniques:
Interested to learn more about how to secure your organization's activities in the cloud in 2023? Click here for Zscaler’s perspectives.
This blog is part of a series of blogs that look ahead to what 2023 will bring for key areas that organizations like yours will face. The next blog in this series covers enterprise security predictions for 2023.