Many organizations have cloud security on their minds going into 2022. In April 2021, for instance, Gartner predicted that global end-user spending on cloud management and security services would reach $18 million the following year. That’s a growth of 30% over the previous two years.

The forecasts discussed above raise an important question. Where exactly will these businesses and agencies be committing their cloud security spending in 2022? There are three trends to watch over the next 12 months. Keep an eye on cybersecurity mesh, hybrid and multi-cloud environments and cloud-native tools and platforms.

Cloud Security Trend #1: Cybersecurity Mesh

In its list of top strategic tech trends for 2022, Gartner defined cybersecurity mesh as “a flexible, composable architecture that integrates widely distributed and disparate security services.” It provides a means of verifying identity, context and policy adherence across all relevant environments, including the cloud. As such, it’s smart to use a cybersecurity mesh architecture as part of broader defensive approaches.

Niel Harper, a CISO, agrees.

“The goal would be to move perimeters encapsulating data centers to … identities and objects that are not on-premises or on the same network — specifically, users accessing objects from anywhere, anytime and with a variety of device form factors,” he said. “It also enables organizations to bring cloud services into their zero trust architecture and employ adaptive access control with more granular analyses of both subjects and objects.”

To put this in place, invest in a series of controls. These can help to bring zero trust, cloud security and other plans together. Harper pointed out two key cloud-related measures — cloud access security brokers and cloud infrastructure entitlement management. Endpoint detection and response and multi-factor authentication also fit in here, among others.

Trend #2: Hybrid and Multi-Cloud Environments

Cybersecurity mesh and other defense solutions advance more than just zero trust. They can also help to secure hybrid and multi-cloud environments.

Businesses and agencies are turning to these types of strategies more and more. Take the hybrid cloud, for example. Cofense reported that 90% of organizations will be using these to meet their needs by 2022. What that might look like could vary. For some, it could involve a mix of public and private cloud services. For others, it could consist of both in-cloud and on-premises assets. Others might use both.

It’s a similar story with the multi-cloud, a strategy that includes more than one cloud service. In a survey of IT leaders, 95% of respondents said they’re making multi-cloud a strategic priority for their businesses in 2022. About the same percentage (96%) reported that security was top of mind. But only 54% said that they were highly confident in the tools or skills they needed to execute that defensive program. Even more than that (76%) of respondents said that they didn’t feel that their group had invested enough in their multi-cloud project, leaving them ill-prepared to defend against digital threats.

This lack of funding makes another issue worse. That is, the hybrid cloud and multi-cloud environments introduce security challenges. They increase complexity, which reduces visibility.

In response to those obstacles, consider third-party cloud marketplaces such as the AWS Marketplace. These resources can help to provide security teams with software and services that they can use in the cloud.

Trend #3: Cloud-Native Tools and Platforms

Gartner also highlighted the importance of cloud-native platforms for 2022. These empower businesses and agencies to build application architectures that make the most of the cloud. After all, you can’t protect cloud assets the same way as on-premises resources. Internal teams protect the latter. That’s not true for the former, as the shared responsibility model dictates that infosec personnel provide security ‘in’ the cloud only. The cloud service provider is responsible for the security ‘of’ the cloud or safeguarding the physical hosts, network and infrastructure that run the cloud services. This division limits the degree of control that internal teams can have over security efforts.

To make the most of cloud-native tools and platforms, understand what part of the defensive perimeter belongs to you. Then, get the right tools for it. If you don’t, you could leave your business or agency exposed to threat actors who exploit vulnerabilities and misconfigurations in the cloud. This could also make it more costly to recover from a cloud security incident if and when one occurs. Hence the advantage of working with strategic vendor partnerships that bring security and visibility together.

Why Is Cloud Security Important for 2022?

Businesses and agencies will likely be moving more services to the cloud in the coming year. According to ITProPortal, 28% of spending in key IT segments will migrate to the cloud in 2022. This increase in cloud-based services will affect $1.3 trillion in IT spending.

In response, business leaders need to pay attention to securing their cloud-based services. Cybersecurity mesh, multi- and hybrid-cloud security strategies and cloud-native tools can help them to do that.

More from Cloud Security

Is Your Critical SaaS Data Secure?

4 min read - Increasingly sophisticated adversaries create a significant challenge as organizations increasingly use Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS) to deliver applications and services. This mesh of cloud-based applications and services creates new complexities for security teams. But attackers need only one success, while defenders need to succeed 100% of the time. Organizations are contending with an exponential rise in advanced threats that are not only increasing in volume but also sophistication. The IBM Cost of Data Breach Report 2022 found…

4 min read

Rationalizing Your Hybrid Cloud Security Tools

3 min read - As cyber incidents rise and threat landscapes widen, more security tools have emerged to protect the hybrid cloud ecosystem. As a result, security leaders must rapidly assess their hybrid security tools to move toward a centralized toolset and optimize cost without compromising their security posture. Unfortunately, those same leaders face a variety of challenges. One of these challenges is that many security solutions create confusion and provide a false sense of security. Another is that multiple tools provide duplication coverage…

3 min read

New Generation of Phishing Hides Behind Trusted Services

4 min read - The days when email was the main vector for phishing attacks are long gone. Now, phishing attacks occur on SMS, voice, social media and messaging apps. They also hide behind trusted services like Azure and AWS. And with the expansion of cloud computing, even more Software-as-a-Service (SaaS) based phishing schemes are possible. Phishing tactics have evolved faster than ever, and the variety of attacks continues to grow. Security pros need to be aware. SaaS to SaaS Phishing Instead of building…

4 min read

The Importance of Modern-Day Data Security Platforms

4 min read - Data is the backbone of businesses and companies everywhere. Data can range from intellectual property to critical business plans to personal health information or even money itself. At the end of the day, businesses are looking to grow revenue, innovate, and operationalize but to do that, they must ensure that they leverage their data first because of how important and valuable it is to their organization. No matter the industry, the need to protect sensitive and personal data should be…

4 min read