Light Dark
October 10, 2024 By Doug Bonderud 4 min read
Artificial Intelligence
Cloud Security

Public clouds now form the bulk of enterprise IT environments. According to 2024 Statista data, 73% of enterprises use a hybrid cloud model, 14% use multiple public clouds and 10% use a single public cloud solution. Multiple and single private clouds make up the remaining 3%.

With enterprises historically reticent to adopt public clouds, adoption data seems to indicate a shift in perception. Perhaps enterprise efforts have finally moved away from reducing risk to prioritizing the potential rewards of public cloud resources.

Reality, however, isn’t so cut-and-dry. Here’s a look at the current state of public perception, where enterprises still encounter cloud issues and how familiar concerns have a new focus: AI.

Public perception on cloud computing

Cloud computing has always had a perception problem. From the perspective of enterprise C-suites and IT teams, public clouds meant bigger attack surfaces combined with lower visibility, giving attackers the upper hand.

Meanwhile, from the perspective of consumers — which all C-suite and IT team members become on their days off — the cloud came with massive potential. From file and photo storage to streaming video services and worldwide e-commerce, the public cloud quickly became commonplace in public life.

So why the disconnect? In large part, enterprises were concerned about the man behind the curtain. While many providers were long on promises, they were short on details. The result was a “shared responsibility” model that saw both customer and provider playing a role in data defense, but neither one was entirely clear on what that role entailed. This was exemplified by a Capital One data breach in 2019, which saw both the bank and its cloud partner, AWS, under scrutiny for their security.

To help address these concerns, cloud providers doubled down on security. In 2021, Amazon, Google, IBM and Apple pledged $30 billion to help address growing security concerns. It worked: In 2024, 94% of businesses reported improvement in security after moving to the cloud. Or consider the results of Flexera’s State of the Cloud Report: In 2020, security was the top concern among executives. In 2024, security has fallen to second place.

The data tells the tale: Enterprise public cloud perception is changing.

Slowly.

Strengthen your cloud defenses

Ongoing cloud challenges

While cloud providers have made significant strides in addressing security concerns, other issues remain.

For example, the top challenge in Flexera’s 2024 State of the Cloud Report is managing cloud spend, cited by 82% of enterprises, while lack of resources and expertise comes in third with 79%.

When it comes to cloud spending, there’s no easy answer. In fact, ease is sometimes the issue. As providers streamline the process of purchasing, deploying and integrating cloud-based applications and services, it’s easy for enterprises to lose track of exactly what they have, exactly where it is and exactly how much it costs.

It’s no surprise that spending shows up twice on the Flexera report: Once in the top spot for cloud spend at large and again in fourth place as companies struggle to manage software licenses across multiple clouds and applications.

Lack of resources and expertise, meanwhile, remains a persistent challenge for enterprises. According to research from Software One, 95% of businesses now face a cloud and IT skills gap. While upskilling current staff can help reduce the impact of this gap, the expansion of public cloud environments creates the longer term problem of doing more work with fewer people. While it’s possible to task IT teams with handling the public cloud in addition to other line-of-business objectives, the results can lead back to the original concern with cloud deployments: Reduced security.

What’s old is new again

Even as enterprises come to terms with the necessity and ubiquity of the cloud, a new challenge has emerged: AI.

Much like the public cloud, artificial intelligence has the potential to change the way enterprises do business. But it also opens new avenues for security compromise, leading many companies to remain cautious of AI adoption.

In some cases, this means limiting the scope of AI in enterprise environments. For example, organizations might leverage AI in process automation but shy away from using generative tools for content creation or sales efforts. They might deploy AI solutions to analyze disparate data but only trust humans to turn output into action.

The result is a perceptive landscape that is both similar and distinct from its cloud predecessor. Consider recent data from Gartner, which found that the top concern cities by companies in Q2 2024 were AI-enhanced malicious attacks. This aligns with historic worries about the public cloud as a path to compromise — if attackers could access shared resources, they could potentially cause inter-departmental chaos.

AI, however, comes with a unique concern: Evolution. While cloud-based threats made use of expanded attack surfaces, they remained fundamentally the same as their previous-generation counterparts: If tools didn’t work, it was back to the drawing board for malicious actors.

In the case of AI, meanwhile, code isn’t static. Instead, both failure and success inform the next iteration of ransomware tools or Malware-as-a-Service offerings. This ongoing improvement is similarly present on the protective side of AI adoption, but in both cases — attack and defense — the approach to AI is naturally different than that of the cloud.

The reality of cloud security

Cloud security has evolved from nebulous assurance to core component of public offerings. The results speak for themselves: More enterprises are adopting the public cloud, more enterprises are reporting improved security and fewer companies are citing security as their to-cloud challenge.

AI, meanwhile, has stepped up to take on the role of top security concern. In much the same way as cloud computing, some concerns around AI security are overblown — as the market diversifies and standardization becomes critical, companies can expect common security issues to be effectively resolved.

Where AI and cloud go their separate ways, however, is in the evolution of future threats. While cloud frameworks have changed to meet new corporate needs, they remain fundamentally bound by basic infrastructure. AI has no such limits, making it harder to predict the course of its development over time.

The reality? Cloud perception has shifted to reward. The rise of AI, however, now underpins a renewed focus on enterprise cybersecurity risk.

 |  |  |  | 
Doug Bonderud
Writer

More from Artificial Intelligence
October 8, 2024

Is AI saving jobs… or taking them?

3 min read - Artificial intelligence (AI) is coming to take your cybersecurity job. Or, AI will save your job.Well, which is it?As with all things security-related, AI-related and employment-related, it's complicated.How AI creates jobsA major reason it's complicated is that AI is helping to increase the demand for cybersecurity professionals in two broad ways. First, malicious actors use AI to get past security defenses and raise the overall risk of data breaches. The bad guys can increasingly use AI-based tools for improved reconnaissance…

October 3, 2024

Trends: Hardware gets AI updates in 2024

4 min read - The surge in artificial intelligence (AI) usage over the past two and a half years has dramatically changed not only software but hardware as well. As AI usage continues to evolve, PC makers have found in AI an opportunity to improve end-user devices by offering AI-specific hardware and marketing them as "AI PCs."Pre-AI hardware, adapted for AIA few years ago, AI often depended on hardware that was not explicitly designed for AI. One example is graphics processors. Nvidia Graphics Processing…

September 24, 2024

SANS Institute: Top 5 dangerous cyberattack techniques in 2024

4 min read - The SANS Institute — a leading authority in cybersecurity research, education and certification — released its annual Top Attacks and Threats Report. This report provides insights into the evolving threat landscape, identifying the most prevalent and dangerous cyberattack techniques that organizations need to prepare for.This year’s report also highlighted the main takeaways from the SANS keynote hosted at the annual conference. During the keynote presentation, five new cybersecurity attacks were identified and discussed by key SANS members along with suggested…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature