Cloud, Cybersecurity, and the Role for CNAPP

By: Crystal Morin

Companies are committed to using cloud technologies in their operations. According to Gartner forecasts, spending on public cloud services will total nearly $600 billion in 2023. Enterprises are spending because they want to engage with new technologies like AI, and because they have larger, ongoing digital transformation projects. Implementation in the cloud is also faster than starting with a traditional data center, as companies can take advantage of the cloud’s scalability and speed of deployment.

However, this shift to the cloud comes with security concerns. For many organizations, securing their cloud estates is hard. With so much cloud spending and expansion and, by implication, its growing strategic importance to businesses, we have to get cloud security right. To achieve this, we must first understand why cloud security appears difficult to get right, then look at the processes, tools, and workflows required for a cloud environment to be secure. Cloud-Native Application Protection Platforms (CNAPPs) can help with all of this.

Why is cloud security hard?

Cloud deployments are very different from traditional environments because of the infrastructure involved, the tools available, and how the applications are designed. By digging into and understanding each of these factors as they pertain to a cloud environment, we can learn how to strengthen our overall cloud security.

The first area includes the applications and services that we build in the cloud. Today, software developers use the cloud because it is more flexible for deployments and can scale up fast. The applications themselves are built as microservices - small application components covering specific tasks that connect to each other using APIs. These components can run in clusters of containers that can be scaled up based on demand. Software container orchestration tools like Kubernetes can automate this process, adding containers when demand soars and restarting containers when problems occur.

This application design approach also avoids some of the problems that traditional monolithic applications have. You can update software components separately rather than having to take down the whole application. Furthermore, new functionality can be added by updating the APIs once the services are ready to install. For developers, this is a faster and more efficient way to work, but it can also pose difficulties for security teams. Cloud service providers produce an abundance of data, and each software component amplifies it with details of what it is processing and what it has been asked to do. Spotting potential security problems in this mess of updates, alerts, logs, and transaction details is hard.

Next, we must address the tools we have in place to spot problems. Security teams today use a mix of tools that typically focus on vulnerability management, posture management, permissions and entitlements management, or threat intelligence. Usually, each of these tools covers a specific use case, and they are not integrated with one another. The end result is that security professionals have to carry out tasks manually to glue their processes together and achieve desired results, and they probably face even more data along the way. Even enterprises with significantly sized security operations centers cannot keep up with this song and dance.

To solve this, companies must integrate their security processes more effectively in the cloud so that their security teams have a manageable view of what is taking place in and around the cloud infrastructure. Security teams need data processing automated so that they can see the risks that are the most significant first, rather than drowning in

