Four Top Cloud Security Predictions for 2022 You Can’t Miss

Attacks on cloud infrastructure will be one of the leading attack vectors for 2022, warn experts. Here’s a look at some cloud security predictions that should guide organizations’ cloud strategies in 2022.

January 7, 2022

Organizations worldwide are moving their data and applications to the cloud, but so are cybercriminals. With 2022 upon us, more and more organizations are expected to adopt hybrid or multi-cloud approaches, but are they wary of the risks they could face? Here’s a round-up of some of the pressing cloud security challenges and opportunities that organizations across sectors should prepare for in the year ahead.

Brad LaPorte, a former Gartner analyst and cybersecurity advisor, warns that organizations that treat the cloud as a vector for digital transformation should also keep in mind that attacks on cloud infrastructure will be one of the leading attack vectors for 2022. By the end of the year, 70% of all enterprise workloads will be deployed in cloud infrastructure and platform services, up from 40% in 2020, he says, but the opportunity could quickly turn into a nightmare if organizations don’t prioritize cloud security. 

“Through 2025, more than 99% of cloud breaches will have a root cause of preventable misconfigurations or mistakes by end users. In addition, 96% of third-party container applications deployed in cloud infrastructure contain known vulnerabilities. And 63% of third-party code templates used in building cloud infrastructure contained insecure configurations. To say that cloud security needs to be a top priority will be the understatement of the year.” 

It’s not that the security of data and applications stored in the cloud doesn’t concern organizations. The IDC State of Cloud Security Survey for 2021 foundOpens a new window that 98% of surveyed organizations experienced at least one cloud data breach over 18 months. The top reason behind the high casualty rate was “the rush to the cloud and work-from-home resulting from the COVID-19 pandemic.” This has also spurred organizations to prioritize security, with compliance monitoring, governing access permissions, and addressing data privacy issues topping the list of priorities.

IT security professionals and decision-makers know too well that ticking a few boxes can never be the final solution to cloud security challenges faced by organizations. As we enter 2022, here’s a round-up of experts’ top cloud security predictions that should guide organizations’ cloud strategies in the year ahead.

See More: 10 Cloud Security Trends That Will Shape 2022 and Beyond

Consolidated Security Platforms Are the Future

One of the pragmatic ways to prepare for the cyber threats of the future is to act quickly and decisively when the solution is in sight. The use of multiple security tools for different purposes simultaneously has been a significant challenge for IT security teams. Considering the limited budgets available to security teams, Gartner predicts that the adoption of consolidated security platforms will be an important trend in 2022.

“Driven by the need to reduce complexity, leverage commonalities and minimize management overhead, security technology convergence is accelerating across multiple disciplines. By 2025, 80% of enterprises will have adopted a strategy to unify web, cloud services and private application access from a single vendor’s security service edge (SSE) platform,” the research firm saysOpens a new window .    

Gartner says that security platform consolidation helps address challenges like fast-changing threat landscapes, insufficient technical talent, and rising demands for services. Organizations should leverage consolidation to define common policies and reduce gaps and vulnerabilities between legacy silos. Alongside onboarding a consolidated data security platform, organizations should also inventory data security controls to implement a multi-year phaseout of siloed data security tools that are holding them back.

The Data Breach Culture Will Continue, Unless Organizations Improve Visibility

Oran Avraham, the co-founder & CTO of Laminar, believes the data breach culture we have seen emerge over the past few years will continue to permeate in 2022 if we do not take a moment to reflect on the causes of attacks in the last year.  

“It is imperative to understand where these attacks originate from to discontinue the cycle of data abuse. If one were to examine some of today’s biggest data breaches, a pattern would immediately emerge — the majority by far originated from public cloud infrastructure

“So what should organizations be looking for to protect public cloud environments? First, the solutions must be cloud-native. Second, data protection teams are almost blind when it comes to data residing in the cloud. Therefore, the solution must start by integrating with the public cloud itself in a modern, agentless way. It must be able to identify where and which types of data reside there. This way organizations can focus on protecting what matters most. Finally, the solution must not impact performance,” he says.

“It is my hope that organizations will take a moment to reflect on the importance of public cloud data protection in order to change the data breach narrative in 2022 and beyond.”

Amit Shaked, the CEO & co-founder of Laminar, says that data protection has not kept pace with data democratization. The solutions data protection individuals are using haven’t adjusted to the public cloud environment, which makes work much more challenging than that ever before. 

“In 2022, it is going to become crucial that organizations use solutions that provide visibility, context, accountability and alert data protection teams to data leaks in order to halt adversaries in their tracks. The solution should be able to continuously and automatically discover and classify data for complete visibility, secure and control said data to improve data risk posture, and detect data leaks and remediate them without interrupting data flow. These simple approaches can go a long way in preventing devastating breaches in 2022 and beyond.” 

See More: Five Major Cloud Security Challenges Businesses Should Prepare for in 2022

Increasing Reliance on ZTNA to Secure Data Hosted in the Cloud

Kurt Glazemakers, CTO at Appgate, says that a staggering acceleration of organizations moving to the cloud to adapt to hybrid working over the past two years is now matched by increasing demand for cloud-based security solutions to secure data stored in the cloud.

“The working-from-home environment has forced organizations to recognize security as a top-priority. They no longer have to choose between ensuring network performance and security- the two go hand in hand and it’s now the norm to see them working in harmony, rather than as two separate entities. With the work-from-anywhere era showing no sign of ending, this approach will force organizations to superior security architectures like Zero Trust Network Access (ZTNA),” he says.

According to Glazemakers, more organizations will start adopting modern cloud-driven, containerized, automated development methods, using advanced automated deploy processes (DevOps) to speed up development cycles. They will also need a SecDevOps approach to boost agility and security as the approach applies security into every stage of the development operations and deployment cycle.

“2022 will see more organizations look towards ZTNA as a solution to provide both efficient security and scalability. By implementing a ‘zero trust’ approach to security and ensuring all teams apply security to their processes while still keeping high-level policy enforcements, organizations can achieve SecDevOps by aligning their business needs with their security needs. Employing a single unified process ensures that the organization’s network security still meets business demands in a similar agile and even more secure way.  

“This movement by organizations to a permanent solution, such as ZTNA, will subsequently lead to a reduction in legacy technologies and more antiquated solutions that are currently clogging up the market. Organizations need to become more efficient and have solutions that offer genuine clarity on how they can become secure. As such, we will see an evolution from legacy technologies, such as VPNs, to more mature, dynamic, and easy to manage solutions like ZTNA,” he adds.

Multi Cloud Environment and Containers Will Increase the Attack Surface Exponentially

Ilia Kolochenko, the chief architect & CEO at ImmuniWeb, says that a multi-cloud architecture boosts an organization’s cyber resilience and uninterrupted availability of business-critical applications. However, software developers’ lack of experience in DevOps security can increase the attack exponentially in 2022.

“Containers and cloud-native applications increase agility and speed of software development. However, the novel technologies also bring a wide spectrum of new risks: inventory of IT assets and data in the cloud becomes an arduous task. Software developers usually have no experience in DevOps security and accidentally expose cloud storage, unprotected serverless endpoints (FaaS) or container management systems to the Internet.

“Infrastructure-as-Code (IaC) technology exacerbates the problem by erecting vulnerable-by-design and unprotected-by-default cloud systems. Excessive IAM policies open doors to cloud pivoting when intruders may take complete control of other systems, repositories, and databases in the cloud just by compromising a single web application. While organizations rush to migrate into a cloud without providing their employees with adequate security training, we will see new spikes of cloud-related breaches and data leaks, he adds.

Are organizations ready to face emerging cloud security challenges in 2022? Let us know on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!

Jayant Chakravarti
Jayant Chakravarti

Senior Assistant Editor, Spiceworks Ziff Davis

Jayant is Senior Assistant Editor for Spiceworks News & Insights and handles feature stories, news, and interviews around the latest developments in the field of technology, specifically around disruptions introduced by emerging concepts such as cybersecurity, AI, cloud computing, and data-driven analytics. He specializes in the coverage of cybersecurity laws, regulations, and practices in EMEA and North America. You can get in touch with him at jayant.chakravarti@swzd.com
Take me to Community
Do you still have questions? Head over to the Spiceworks Community to find answers.