2021 Predictions: Cloud Security

With more organisations than ever relying on cloud, we look at what might be in store for cloud security in 2021

Posted 24 December 2020 by Christine Horton

The global pandemic has had a huge impact on businesses, the most challenging being the need to allow employees to work from home for a prolonged period. Many businesses have moved more quickly with cloud adoption than originally planned, but this also means that in some cases not all the steps to secure the business have been followed.

As we move into 2021, cloud security is at the forefront. Unfortunately, where there are new operating models, there are also criminals trying to exploit them, especially when these models are adopted so quickly.

According to Radware’s recent global survey of senior executives, 76 percent of companies adopted cloud services faster than they had planned, which unintentionally increased attack surfaces and created security gaps for hackers. Some 40 percent of execs said they suffered more attacks than normal as the pandemic took hold.

Prakash Sinha, technology executive and evangelist for Radware, believes that a multi-cloud approach will be how many businesses tackle continuity and security in 2021: “We will see organisations evaluate multi-vendor and multi-cloud options to hedge against outages at their primary cloud providers. Revenue-impacting business applications will be hosted across multiple providers, and companies will require service level agreements and demand high availability solutions.”

There are many other areas that businesses need to get on top of to ensure their security standards are up to scratch in 2021. Samantha Humphries, senior security strategist, Exabeam, states, “We will see a wave of data breaches linked to reduced security standards due to facilitating mass remote working. The hasty nature of these changes – combined with reduced staffing, less investment in security and an increase in attacks – presents some major data security issues.”

Indeed, a survey of cyber professionals conducted in May this year painted a bleak picture: 71 percent of cyber professionals were seeing an increase in threats, three quarters had furloughed members of their SOC team and 60 percent needed to defer planned investments in security technology.

Tightening up security standards

Humphries believes that organisations will move quickly to tighten up controls: “For most security teams, 2021 will be a time to take stock and retrospectively apply due diligence to all cloud applications and services brought online to support remote working in 2020. This means ensuring security controls meet at least pre-COVID standards – with visibility, detection and response capabilities across cloud services, applications, and infrastructure – across both current and ‘old normal’ cloud applications and services.

“Predictions can be difficult at the best of times but going into 2021, one thing is clear – protecting the credential will be key. With far more entry points open to attackers, securing and monitoring the credential is more important than ever.”

One entry point that attackers will be looking to exploit is individuals. Angel Grant, director of digital risk solutions at RSA Security, states, “Studies show that younger users simply don’t pay as much attention to their digital identities as older users. Cybercriminals know this and will therefore target younger people in 2021 with an emerging type of fraud: they’ll create false or so-called ‘synthetic’ digital identities using pieces of legitimate information they can easily find online – such as a social security number, date of birth and their mother’s maiden name – and create a whole new identity with these pieces of information. Ultimately, this will lead to a surge in new account fraud.”

Adopting the right approach

Keith Glancey, systems engineering manager, Western Europe at Infoblox, believes that the benefits of cloud-native security solutions will be realised in the coming year. “Cloud computing is now a given, but the path to the cloud is still paved with challenges. A common option is to ‘lift and shift’ your IT infrastructure into the cloud, but this doesn’t take full advantage of what the cloud can offer. Instead of picking up an on-premise solution and copy + pasting it into the cloud, it’s cloud-native solutions that will offer the real benefits organisations need to compete at scale.

“What does this mean for security? Well, cloud-native solutions that use Docker and containerisation don’t carry the same legacy baggage. They’re lightweight apps that allow you to pinpoint problem areas and fix them in isolation. This makes remediation times for security flaws much faster and more efficient. Cloud-native security solutions allow organisations to resolve security issues without taking down the entire system – meaning increased uptime and less strain on resources, two things that are particularly important given rising consumer demands for always-on services mixed with the increased attack vectors we’ll see in 2021.”

Another approach that is gaining traction due to its benefits is the Zero Trust model. Tim Bandos, CISO, Digital Guardian, said, “I believe we’ll see a significant increase in the adoption of a Zero Trust-as-a-Service model being used in security strategies beyond 2021. We’ve learned over the years that relying heavily on network security such as firewalls does almost nothing for you when faced with determined adversaries.

“Also, as organisations move more of their workloads to the cloud, it only becomes more imperative to protect and restrict those who have access and ensure you have the right level of visibility. This approach will require more granular perimeter enforcements based on who the user is, where they are located, and other elements of data to determine the level of trust that’s granted. Implementing this type of strategy is not something that’ll occur overnight.

“My recommendation to organisations looking to embrace the Zero Trust model is to first design it and try to avoid the incorporation of legacy systems that aren’t fully capable of taking this journey. For larger and more complex businesses, this may be a multi-year project depending on your IT environment. But for smaller and medium-sized companies, it could be a great opportunity to completely transform how they approach cybersecurity that’ll ultimately protect them from advances being made by threat actors.”

One thing is clear: cloud adoption will continue to increase, and businesses need to ensure that their security strategies are up to scratch in 2021. Otherwise, cybercriminals will move to exploit any vulnerabilities even more quickly than some businesses moved to adopt remote working.