2019 saw massive growth in the cloud market. The worldwide public cloud services market is projected to grow 17.5 percent in 2019 — totaling $214.3 billion, up from $182.4 billion in 2018, according to Gartner.

Why has there been such a surge in cloud growth? As organizations move toward cloud computing, they benefit from capital expenditure savings and from the flexibility of software-as-a-service (SaaS) solutions. However, as cloud adoption continues, organizations need to ensure they maintain a robust cloud security posture.

To dig deeper into this, as well as inquire about where cloud security will be heading in 2020, I spoke with subject matter expert and IBM Security Program Director for QRadar Cloud, SaaS and MSSP, Chris Collard. Chris is an information security professional with over 15 years of experience managing information systems and services; he is a Certified Information Systems Security Professional (CISSP) and holds a Certificate of Cloud Security Knowledge (CCSK) from the Cloud Security Alliance.

What Happened in Cloud Security in 2019?

Question: As we near the end of the year, what are your key takeaways from the 2019 cloud security market?

Collard: We continue to see a growing number of clients solidify and execute on their cloud-first strategies as well as make inroads into migrating applications, data and workloads to the cloud. Increasingly, cloud is the platform of choice for building new applications as well as acquiring new software services.

For those organizations that have already made the transition, often the focus turns squarely to the challenges of effectively monitoring these environments and building orchestration and augmented intelligence into operations and response capabilities.

Nevertheless, even with the significant momentum that has developed throughout 2019, we are still a fair way off from realizing all the benefits of pure cloud deployments. Our IBM Cloud team estimates that approximately 80 percent of production workloads are still not yet migrated to the cloud. This means that a significant set of the opportunities and discussions about cloud security are still in front of many of us.

As organizations prepare for and design their path to the cloud, they absolutely have the opportunity to reimagine business processes and an imperative to protect and secure their data at each stage in the journey — including the destination. When we look at the security product and solutions market, we continue to see a fragmented one leaving many organizations to attempt to manage a patchwork of point solutions on-premises and in the cloud.

What organizations ultimately need is a cohesive and well-structured set of solutions able to continuously monitor the compliance of multi-cloud and hybrid environments. When teams can better connect their environments and data, they are better positioned to gain security insights and to take action and respond quickly when required. With a unified approach to security, organizations can gain immediate benefits and be better prepared for security in a hybrid, multi-cloud world.

The Evolving Role of SaaS in Cloud Security

What is the state of the SIEM-as-a-service market as we near the end of 2019?

Collard: Cloud is increasingly the future of security information and event management (SIEM). The cloud as the platform for SIEM allows organizations to scale better and more flexibly to align with, and meet, the present demands of their business.

Consuming capabilities as a service typically comes with the added benefit of helping free organizations from the responsibility of staffing the range of specialists required to deploy and maintain complex technology stacks. Managing threats is hard enough without having to also manage and maintain on-premises software deployments. When organizations are freed up from nonessential activities, such as managing hardware- and software-related life cycles, they can re-invest this found time and further focus on more important activities, such as protecting and defending critical corporate data and other important assets.

As this market continues to expand, we expect to see further adoption of open standards for data and applications. The increased adoption of STIX, TAXII and other open standards points to a future built on interoperability and the ability to protect data everywhere it exists. By not adopting open standards, you run the risk of losing visibility into the breadth of your data over time or of limiting your ability to analyze your data into the future.

Looking Ahead to Cloud Security in 2020

What would you say should be the No. 1 priority for organizations moving to cloud security in 2020?

Collard: The short answer is protect your data — wherever it resides. The longer answer ultimately depends upon where clients are in their journey, whether they are just embarking on their journey to the cloud or they have already fully adopted the cloud as their deployment platform of choice. Protecting data from loss or leakage is the ultimate goal. To get there, organizations should embrace the opportunity to refresh their overall deployment strategy, from the ground up if necessary, and ensure that this strategy has cloud considerations integrated throughout.

After protecting your data no matter where it lives, what other aspects of cloud security should organizations focus on in 2020?

Collard: While outlining a modernized strategy, you should also take the opportunity to rebuild your security policies. Applying best practices, including a zero-trust security model, can help protect not only your data but also your networks, users, workloads and devices. This strategy should include the definition of microperimeters based on the end-to-end flow of data as well as the employment of microsegmentation, wherein identities and access can be strictly controlled to a granular degree and not just at the level of an entire server or subnet.

Where possible, organizations should look to leverage available cloud-native security controls. These controls can unlock additional visibility into your environments and can be used to further feed SIEM detection capabilities.

Achieving the goal of protecting your data across multi-cloud and hybrid environments also requires a strong DevOps — or DevSecOps — organization that can help automate, apply and manage your security at the critical intersections within your business. DevOps can play an important policy enablement role within your organization. Through DevOps, you should expect to see your policies and rules enacted with greater speed, velocity and precision.

If you have instrumented your environment correctly, have built the right monitors and have the right processes in place, you should then be effectively positioned to continuously monitor your environments for compliance. Having defined what needs to be filtered out versus kept and what needs to be analyzed versus maintained for posterity, organizations are best positioned to deliver orchestrated incident response.

No matter the size, organizations understand the benefits of migrating data and applications to cloud environments as they see the necessity to leverage cloud infrastructure to elastically scale up, store data in a cost-effective manner and reach a global customer base.
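The microsegmentation and continuous-compliance points above (control access per identity and flow rather than per server or subnet, then monitor the result and feed findings to the SIEM) can be made concrete with a small policy check. The following is an added example written for this page, not code from IBM, QRadar or any cloud provider. It assumes a hypothetical, constructed rule schema loosely modelled on security-group ingress entries (fields `group`, `tier`, `from`, `to`, `source`), a constructed allowed-flows policy, and a constructed set of sample rules; the tier names, port sets and `/24` threshold are illustrative choices, not vendor defaults.

```python
"""Added example: audit security-group ingress rules against a
microsegmentation policy and emit SIEM-ready findings (JSON lines).

Rule schema (hypothetical, constructed for this example):
  group  - the group the rule belongs to (e.g. "sg-app")
  tier   - the tier that group protects ("web", "app", "db")
  from/to - inclusive port range
  source - either another group ("sg-web", identity-based) or a CIDR
"""
import ipaddress
import json

# Constructed policy: which source tier may reach which destination tier.
# The web tier has no internal source; it is reached only from the internet
# on its public listeners.
ALLOWED_FLOWS = {"web": set(), "app": {"web"}, "db": {"app"}}
PUBLIC_PORTS = {80, 443}       # the only ports the web tier may expose to 0.0.0.0/0
MAX_CIDR_ADDRESSES = 256       # anything broader than a /24 is "a subnet", not a microperimeter


def classify_source(src):
    """Return ("group", name) for a group reference, or ("cidr", network) for addresses."""
    if src.startswith("sg-"):
        return "group", src
    return "cidr", ipaddress.ip_network(src, strict=False)


def evaluate_rule(rule, tiers):
    """Return the list of policy violations for one ingress rule (empty if compliant)."""
    findings = []
    dst_tier = rule["tier"]
    lo, hi = rule["from"], rule["to"]
    kind, src = classify_source(rule["source"])

    if (lo, hi) == (0, 65535):
        findings.append("rule opens every port")

    if kind == "group":
        # Identity-based source: check the tier-to-tier flow against policy.
        src_tier = tiers.get(src)
        if src_tier is None:
            findings.append("source group %s has no known tier" % src)
        elif src_tier not in ALLOWED_FLOWS.get(dst_tier, set()):
            findings.append("flow %s -> %s is not in the allowed-flows policy" % (src_tier, dst_tier))
    elif src.prefixlen == 0:
        # Internet-wide source (0.0.0.0/0 or ::/0): only web-tier public listeners.
        if dst_tier != "web" or not set(range(lo, hi + 1)) <= PUBLIC_PORTS:
            findings.append("internet-wide source %s on %s tier ports %d-%d" % (src, dst_tier, lo, hi))
    elif src.num_addresses > MAX_CIDR_ADDRESSES:
        findings.append("source %s is broader than a /24; use a group reference instead" % src)
    return findings


def audit(rules):
    """Evaluate every rule and return a flat list of finding dicts."""
    tiers = {r["group"]: r["tier"] for r in rules}
    report = []
    for r in rules:
        for violation in evaluate_rule(r, tiers):
            report.append({"group": r["group"], "source": r["source"],
                           "port_from": r["from"], "port_to": r["to"],
                           "violation": violation})
    return report


def to_json_lines(report):
    """Serialise findings one per line, the shape most SIEM collectors ingest directly."""
    return "\n".join(json.dumps(f, sort_keys=True) for f in report)


# Constructed sample rules: two compliant, four violating.
SAMPLE_RULES = [
    {"group": "sg-web", "tier": "web", "from": 443,  "to": 443,   "source": "0.0.0.0/0"},   # ok
    {"group": "sg-web", "tier": "web", "from": 22,   "to": 22,    "source": "0.0.0.0/0"},   # SSH to the world
    {"group": "sg-app", "tier": "app", "from": 8080, "to": 8080,  "source": "sg-web"},      # ok
    {"group": "sg-db",  "tier": "db",  "from": 5432, "to": 5432,  "source": "10.0.0.0/8"},  # subnet, not identity
    {"group": "sg-db",  "tier": "db",  "from": 5432, "to": 5432,  "source": "sg-web"},      # web must not reach db
    {"group": "sg-app", "tier": "app", "from": 0,    "to": 65535, "source": "sg-web"},      # all ports open
]

if __name__ == "__main__":
    print(to_json_lines(audit(SAMPLE_RULES)))
```

Run on the constructed rules, the audit yields four findings; the two identity-based, single-port rules pass. The same function can run on a schedule against exported rule sets so that drift from the microperimeter design shows up as a SIEM event rather than in the next audit.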
