The Year of Hybrid and Multi-cloud Adoption

Plus Other Cloud Security Predictions for 2019

Well, 2018 is almost behind us (sigh!), and we see 2019 as a watershed moment in hybrid and multi-cloud adoption. Organizations, maybe yours included, are increasingly comfortable running critical workloads across multiple environments as long as they can maintain visibility and control. And the major public cloud providers have embraced hybrid deployments with products that streamline adoption, such as Microsoft’s Azure Stack and the just-announced AWS Outposts. But we still have a long way to go. For example, how do you best secure these more complex deployments?

At Cavirin, we’ve supported and embraced the hybrid cloud from our earliest days. We offer security monitoring and remediation via CloudTrail and Lambda Functions for AWS, as well as the equivalent Stackdriver and Functions on Google Cloud. The same capabilities are coming to Azure shortly. Across all three clouds, CIS hardening and network policy checks are available today. Increasingly, the public cloud providers are combining their own security offerings with those of their cloud partners, offering their customers better control. We recently announced Google Cloud Security Command Center integration--a good example of this trend.

Not to ignore the workloads, remember once again that under the cloud provider shared responsibility model, AWS, Azure, and Google Cloud secure the services they offer ‘in the cloud,’ but the customer takes over for their ‘on the cloud’ applications and data. Our new Ansible Playbooks, in combination with our continuous assessment, permit the operator to first create ‘golden images’ based on their risk profile, then track any deployments for drift and immediately invoke corrective actions if required.

So, what are some specific predictions for 2019? Here’s a selection from our input to various publications:

  • Cloud 2.0: Security, especially across multi-cloud and in combination with on-premise, will continue to be top of mind. Additional awareness of both insider and external threats will be combined with effective tools that balance protection and usability. More CISOs will peer with CIOs as opposed to reporting to them. Further, mainstream enterprises will look beyond just getting their apps to work in the cloud. They will move to the next phase of optimizing performance, manageability, and security as part of a true multi-cloud deployment, where they have critical workloads both on-premise as well as within one or more public clouds. Smaller enterprises, with an awareness of cloud risks, will deploy third-party cloud security software.
  • Mind the Gap: Too often, SecOps or SIEM tools report on issues, but follow-up by DevOps is delayed. For security, this can result in major risks. We’ll see a wider deployment of tools that close the loop from this monitoring to change management, helping to automate many processes that require manual intervention. An example could be monitoring one’s hybrid infrastructure for changes in security posture, automatically triggering Ansible Playbooks to correct to the known good baseline.
  • DevSecOps Becomes Real: On the back of DevOps and SecOps, many now understand the concept behind DevSecOps. But what has happened is that there is still pushback on how to best automate checks, and on how to protect against potential job loss. This is solvable with some of the new approaches on the market, and through past technology and role transitions, job loss was never as high as anticipated.
  • Elevating the Importance of Cybersecurity: Business executives will embrace cybersecurity as a primary business responsibility, and not simply a technology issue. This will be combined with new state and potentially federal laws that improve privacy and reduce exposure. These shifts parallel trends internal to the organization, where technologies are increasingly vendor-managed and IT moves to the business units. The overall move to the cloud is only one example of this. Conversely, cyber and information security, due to their importance, will transition from a technology function to a legal function.
  • ML and AI Reality Check: No set of predictions would be complete without homage to AI. There is no shortage of investment in this space, or of startups with novel ideas. The goal will be to better understand how these technologies solve well-understood problems, how they integrate with existing workflows, and most importantly, how they remove risk. This all can’t happen soon enough, given that the hackers, especially those state-sponsored, are deploying many of the same tools. As noted at Black Hat this past summer, 2019 is the year that the industry must go back on the offensive.


Check out our News page for links to all the articles our leaders were featured in during 2018. 


© 2019 Cavirin Systems, Inc. All rights reserved.