We’ve all heard dire predictions about the future of cybersecurity trends, especially cloud security. Internet of things (IoT) environments will expand the attack surface beyond control and encourage breaches. Hybrid offices will always pose a greater risk as cyber criminals exploit flex and remote work. Insecure application programming interfaces (APIs) will open the door to attacks. Attackers will hijack employee accounts. Cloud resources will lack visibility.

But what if these threats and risks are overblown? Here’s why all these dire predictions about cloud security might never come to pass.

Prediction: The Out-Of-Control IoT Attack Surface

Employees install random, internet-connected devices like coffee makers that connect to the network but which those employees don’t even consider IT devices. Office equipment. Mobile gadgets. Wearables meant to make them more productive. Sensor-based warehouse devices. All manner of shadow and orphaned IT. And each device could be a door into the network for threat actors.

This risk is largely one of knowledge and scale. It’s the devices that you don’t know about that can’t be secured. And the sheer number of devices can overwhelm.

But just as the coming years involve an explosion in the number of devices, mostly driven by the IoT boom, tools become more automated and intelligent. The IoT will be made much more secure by artificial intelligence (AI)-based network automation tools that find and inventory all the IoT devices connecting to a network. Enabling automated action in the event of a discovered incident will have to become mainstream. We’ll bring the feared out-of-control attack surface under control with intelligent automation.

Prediction: Hybrid Work Poses Risks

When it comes to cloud security and more, the post-pandemic world won’t return to where it was before 2020. Experts agree that, although specifics will vary from company to company and industry to industry, in general far more people will work remotely, at least part time.

Remote work security feels like a paradox, as employees can’t secure home offices as a matter of policy. Users do their own ‘tech support’ and often even provision their own devices and equipment. Employees are using weak passwords and connecting over consumer or public networks. Arbitrary and unknown devices share the networks they use.

Many employees switched to work from home in 2020. At its peak, some 42% of the American workforce worked from home, according to a Stanford Research study. At the same time, cyber criminals took notice and got to work exploiting this unplanned scenario. Facing a future of hybrid work, flex work and remote work, crystal balls predict disaster.

But the world when we were unprepared won’t look like the future, when we know how to plan for hybrid work. We can now apply the zero trust model to devices and resources connected in the office, in the home and on the road. In fact, the use of zero trust for at-home workers is already rising fast. That means no more device sharing, no more password sharing and no more clicking on links from strangers and letting their payloads run wild on the network.

Prediction: Insecure APIs Will Open Doors to Attack

Analysts and security experts have been warning that API breaches are becoming more common, predicting that threat actors will make APIs the next big attack vector.

One problem with APIs is that already over-tasked security and IT pros assume that somehow defense is built in or will take care of itself.

Once largely reserved for connecting internal applications, APIs are now used to connect internal apps to suppliers, partners and customers. APIs have become a key part of digital growth. With their growing external use, and the relative ease for exploiting insecure APIs, the predictions of a crisis to come make sense. Accessing an insecure API can open up all the data that API has access to (including, for example, customer data).

But will this really turn out to become a major future crisis? Maybe not.

Best practices around securing APIs are likely to become widespread, given the risks. These include designing APIs with default deny policies and strong verification measures. All API data must be encrypted without hurting performance. And API calls need to be authenticated at every layer. Use password hash, HTTPS, secure URLs and other measures. You’ll notice that all these practices are rising in usage, and will likely continue to do so.

Prediction: Cloud Security Hurt by Low Visibility

A well-known lack of visibility has hampered cloud adoption in recent years. It stands to reason that this lack of insight, and the threats that lurk in that darkness, will grow into a major problem. After all, complex hybrid cloud setups are becoming more common.

The reasons for this lack of visibility are many. Among these is that the agents provided by public cloud providers work by processing the metadata they collect. That isn’t deep enough to identify all the security issues potentially present, or examine data traveling between public clouds and private infrastructure. Relying on public cloud agents leaves blind spots.

It’s becoming clear to many teams that managing your own security platform is mandatory. That means having cloud security posture management that discovers and helps you address risks across any place storing data, including across many cloud environments. As more groups embrace such cloud-native tools, the visibility and safety crises from complex hybrid cloud environments might not be as big a problem as predicted.

Be Ready for Tomorrow’s Cloud Security and Beyond

In short, the doom-and-gloom predictions largely rely on tomorrow’s threats facing yesterday’s defenses. But there’s reason for optimism that tomorrow’s defenses will rise to the challenge.

Of course, some threats will remain, and even grow. But widespread disaster predicted on multiple fronts just might not ever happen, thanks to evolving tools and evolving thinking.

More from Cloud Security

Cloud threat report: Possible trend in cloud credential “oversaturation”

3 min read - For years now, the dark web has built and maintained its own evolving economy, supported by the acquisition and sales of stolen data, user login credentials and business IP. But much like any market today, the dark web economy is subject to supply and demand.A recent X-Force Cloud Threat Landscape Report has shed light on this fact, revealing a new trend in the average prices for stolen cloud access credentials. Since 2022, there has been a steady decrease in market…

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

Risk, reward and reality: Has enterprise perception of the public cloud changed?

4 min read - Public clouds now form the bulk of enterprise IT environments. According to 2024 Statista data, 73% of enterprises use a hybrid cloud model, 14% use multiple public clouds and 10% use a single public cloud solution. Multiple and single private clouds make up the remaining 3%.With enterprises historically reticent to adopt public clouds, adoption data seems to indicate a shift in perception. Perhaps enterprise efforts have finally moved away from reducing risk to prioritizing the potential rewards of public cloud…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today