7 Cloud Security Trends That May Impact Your Cloud Security Planning
From leading CSPs to growing interest in multicloud, here’s what’s trending in measurable search traffic around cloud security - and what it means for security and IT teams.
What is changing in cloud security, and how should CISOs and IT teams prepare? One way to answer these questions is to, as you surely do, stay up to date on the industry’s analyst reports and thought leadership publications. Another way is to check out search trends, as they are great indicators of undercurrents and shifts in mindset.
This is exactly what we cover in this blog post. We looked at the leading topics in cloud security and analyzed their search volume trends over the past year (2021) and four years back (2018 - 2021). Below are seven interesting trends we discovered.
1. AWS and Azure Are the Leading Cloud Providers
Among the three largest cloud providers – Amazon Web Services, Microsoft Azure and Google Cloud Platform – “AWS” and “Azure” are the two most searched for terms, while GCP lags far, far behind. This corresponds somewhat to their market share -- AWS at 32%, Azure at 19% and GCP at 7% (as of Q1 2021, according to research firm Canalys).
It’s interesting to note that 2021 was the first year in which “Azure” searches exceeded “AWS” searches. This is aligned with growing Azure adoption among IT teams.
This shift to Azure could be due to many reasons, but one may well be the rapid advance of more enterprises through digital transformation and “cloudification” of their infrastructure. Since Microsoft is often the chosen suite for enterprises, the transition to Azure is a natural one, and possibly more cost-effective. Other reasons may include Azure’s capabilities, pricing and marketing.
How to prepare: Whichever cloud provider you are using, you are not married to it. It’s good to have options. Research other cloud providers and see how they might answer different needs you have. Whichever you choose to adopt, make sure you have the security details fleshed out, and especially what the cloud provider is responsible for and what you are responsible for (a.k.a. the provider’s “shared responsibility model”). Read more here for GCP security, and here for AWS security. Also, be sure your cloud security tools support a multicloud model.
2. DevOps Became Stronger Than SREs
SREs (Site Reliability Engineers) are the employees who are in charge of implementing services that support IT. They make sure systems and tools run smoothly from an operational aspect. DevOps (Developer Operations), a role somewhat similar to SREs, focus on the operations of software delivery pipelines, while making sure the pipelines are continuous and automated.
In 2019, the search volume for “DevOps” exceeded the “SRE” search volume, although “SRE” remained relatively high. This change could be due to the acceleration of cloud adoption and shift left trends, alongside development of more advanced automation technologies. As we build and deliver more software faster, there is a growing need for DevOps and explosive growth in that cloud area. This search trend may also flag the cloud expertise gap that many organizations are already aware of: not enough skilled DevOps professionals to meet demand.
It’s interesting to note that “DevSecOps” and “Cloud Architect” do not have high or increasing search volumes. These roles may be on the wane – as is rumored to be the case for DevSecOps – or the lack of strong interest may indicate that widespread cloud adoption and pursuit of such roles is yet to come.
How to prepare: On a personal-professional level, whether you are a DevOps engineer, an SRE engineer or an engineering team manager, the important thing to do is brush up on skills that cloud teams need today and in the future. Learn about and get certified in automation, CI/CD and cloud security to make yourself invaluable to your organization and of great value to the market. As an organization, focus on cloud security tools that are credibly endorsed for reducing workload through automation, simplicity and visibility.
3. Cloud Security is Gaining Traction in the US
The adoption of the public cloud as a means for scaling infrastructure, platforms and applications has also introduced new security concerns. Cloud misconfigurations, cloud ransomware and risky cloud IAM are just some examples of potentially catastrophic cloud security risks.
As they become aware of or even experience these potential cloud security vulnerabilities, security and IT teams may be searching for information on what these risks entail and how to protect their organizations against them. At least, this is what may be surmised from the gradual uptick in search volumes of “cloud security” in the US.
It’s also interesting to see that the “cloud security” search volume trend is fairly aligned with the search volume trend for “cloud computing” (their ebbs and flows are pretty much aligned). This might indicate that whoever is looking for cloud security is also interested in cloud adoption. However, the gap in the search volume also shows that not all cloud adopters immediately think of security.
How to prepare: Cloud security should go hand in hand with cloud adoption. For every cloud computing action that you take, make sure to find out the security aspects of it, and to choose the right tools and vendors that will help secure your organization.
4. CIOs Are Stronger Than Any Security Role
Despite what many of us in the cybersecurity industry might think, not everyone thinks or dreams (we’re not judging…) about security vulnerabilities. Compared to the CIO role, search volumes on security roles presented as very low.
We compared CISOs to CIOs, cloud engineers, cloud architects and security engineers:
This could mean that CIOs still have more power and leverage in the enterprise, and that their impact in organizations is bigger. It could also show that while many organizations have CIOs, the security role is still emerging and not all organizations have caught up to recognize its value.
How to prepare: If you’re a security person and want to lead processes in your organization, here’s how to get started to make an impact.
5. Interest in Cloud Security is Growing
Network security is the security of legacy infrastructure, usually on-premises servers. Cloud security is the security of agile, cloud infrastructure – and includes security across cloud identities, network, data and compute resources. While interest in network security has been fairly stable over the past years, interest in cloud security is growing.
The closing of the gap is a good indicator of progress in digital transformation execution, with more companies moving to hybrid cloud or a cloud-native infrastructure. We predict that this gap will close in the upcoming year, and that in 2023 interest in cloud security will surpass network security.
How to prepare: If you are involved with your organization’s IT infrastructure and/or shift to cloud:
- Stay on top of cloud security trends and requirements, and incorporate them in your plans and company updates.
- Introduce cloud security as an invaluable component of the business strategy.
- Keep teams close together, as IT and security are becoming more and more interlinked, and suggest processes for collaboration and removing silos.
6. Multicloud is Gaining Popularity
Multicloud is the use of the cloud services of more than one provider in a single architecture. Organizations using multicloud architectures can enjoy the unique benefits of each cloud they’re using, as well as flexibility, cost efficiencies and redundancy. With the growth in search volumes, we can assume multicloud architecture benefits are becoming enticing to more and more organizations; the growth may also point to cloud expansion across providers resulting from mergers and acquisitions.
How to prepare: Multicloud also introduces complexities, like the need to operationalize each cloud and across clouds, and streamline security and privacy controls to ensure no new vulnerabilities are created. When “going multi,” treat each cloud as a separate solution you need to master but also make sure you know how the clouds integrate. Make sure your security and compliance solutions work consistently across your clouds. Otherwise, your multicloud architecture may quickly rain on your security parade.
7. Interest in Ransomware Grows with High Profile Attacks
The number of ransomware attacks grew in 2021, alongside demands for higher ransoms. On Google, high-profile attacks were accompanied by significantly higher search volumes. This likely suggests greater awareness and a sense of vulnerability around ransomware, prompting greater interest.
In the chart below, we can see search volumes for “ransomware” throughout 2021. It’s fairly safe to assume that the peaks from April to July are related to the huge Colonial Pipeline attack (May 2021), the JBS attack (which came to light in June 2021), the Kaseya VSA attack (July 2021) and the Kronos attack (December 2021).
How to prepare: There are multiple solutions that can help prevent ransomware attacks, each targeting different angles. From a cloud infrastructure perspective, misconfigurations could lead to exposure that is vulnerable to ransomware attacks.
Google Trends is a good indicator of, well, trends, and helps security professionals and stakeholders -- including cloud security, IAM managers, CISOs, CIOs, cloud engineers and DevOps -- keep their finger on the pulse of what is changing in the industry. We’ve highlighted here a few main trends that we spotted. Many reflect what we’re seeing in the industry and as experienced by our customers as they scale their cloud use and seek to reduce its risk.