The public cloud market is maturing, and we expect to see a huge appetite for cloud security in 2019. Businesses aren’t just experimenting with the public cloud anymore, and now that more customers have critical infrastructure and workloads on platforms like AWS and Microsoft Azure, they’re realizing they need purpose-built cloud security solutions to help them protect workloads moving to these platforms.
As workload migration accelerates to the public cloud, security risk professionals will need to get more actively involved in their DevOps team’s processes, so they can automate the application of governance and compliance controls. It’s not about dictating what tools the team uses, but verifying that controls are being met and helping the builders build securely. After all, configuration errors can be easy to make as people try to use new cloud services they might not fully understand. That’s why I expect to see more teams embracing automation to continuously monitor cloud security and remediate problems automatically.
Providing these types of automated cloud security controls will be more important than ever in the year ahead because cyber criminals are getting better at finding compromised credentials or access keys and exploiting them. In fact, Gartner predicts that by 2020, 80 percent of cloud breaches will be due to customer misconfiguration, mismanaged credentials, or insider theft, not cloud provider vulnerabilities. Cyber criminals will also get more clever at using compromised accounts in ways that will be difficult to detect. Instead of using a massive amount of new resources for cryptomining, which causes a noticeable spike in usage, they’re starting to use already-approved resources and stealing some cycles from those instead, which is easier to hide. I expect to see more attacks like that in 2019.