By Lawrence Pingree
Gartner expects cloud security spending to grow by 24% in 2024, making it the highest growth among all sectors in the global security and risk management market. This increased investment is necessary because the continued shift to the cloud opens up more new attack opportunities. In fact, Gartner predicts that by 2027, third-party/cloud infrastructure investigations will rise from unregulated activity to more than two-thirds of reported incidents.
Chief Information Security Officers (CISOs) must be prepared for the evolving security management landscape as cloud security technologies continue to emerge.
Why is spending on cloud security rising?
Gartner predicts that by 2027, more than 70% of organizations will use industrial cloud platforms to accelerate their business initiatives, compared to less than 15% in 2023. With this increasing cloud usage, organizations must invest more in technology to protect their data. Applications and infrastructure services.
Cloud security technologies are involved in a myriad of public and/or private functions that include authentication, authorization, encryption, workload security, and access controls. Security surrounding cloud technologies also addresses compliance and regulatory requirements for threat detection, risk management, auditing, monitoring, long-term logging, object storage, and activity analysis for security use cases.
IT managers should look to emerging technologies in cloud security to align with the rest of the organization. This includes a focus on addressing the advancement of resiliency to the most sophisticated threats, data integrity, data security, and runtime isolation.
By investing in, adopting new technology strategies, and keeping up with the latest emerging trends in cloud security, CISOs can protect their data and applications against evolving threats, ensuring the long-term security of their cloud infrastructure.
How can CISOs effectively address the unique challenges of cloud security?
Cloud-based applications are often more vulnerable to attacks because they are exposed to a wide range of potential threats, including insider threats and data breaches. The use of containerization technologies in cloud environments can make it easier for attackers to exploit vulnerabilities and access sensitive information. This has led to increased investment in solutions such as Cloud Native Application Performance Platforms (CNAPP).
CNAPP offerings offer an integrated set of capabilities that include runtime threat detection, visibility and control, situation management capabilities, software configuration analysis capabilities, and workload security features.
The impact of solutions such as CNAPP tools is high due to the relatively strong value propositions that these tools provide to enhance various security needs. By leveraging CNAPP tools, organizations can accelerate the speed of delivery of new code enhancements to their product or service offerings, while continuously managing and verifying their cloud infrastructure, and protecting against emerging threats in their cloud operating environments (including hackers or malicious code or insider threat risks).
CNAPP products continue to evolve with progressive features focused on data security, Generative Artificial Intelligence (GenAI) posture assessment use cases, and multi-cloud configuration monitoring.
How has GenAI impacted cloud security spending?
Because GenAI is still relatively new to the enterprise, forward-looking CISOs must realize that the future of the technology is still very uncertain.
For example, the Gartner Emergence Cycle for Cloud Security (see Figure 1) highlights notable cloud security innovations, including underlying technology advancements and interesting new uses for the technologies. It represents the evolution of technological innovations from ideation to R&D to early production.
Figure 1: Cloud security emergence cycle
Source: Gartner (June 2024)
AI-focused cloud security measures, such as AI configuration monitoring, are still in the early stages, but are still vital to a CISO's long-term plans. Specifically, AI configuration monitoring refers to a set of emerging security technologies and trends that aim to enhance security policy configuration monitoring. IT acts as a natural extension of the posture control, security, and operational management of cloud technologies, identity, and infrastructure related to artificial intelligence and machine learning.
From a market perspective, the growth potential for AI-related cloud security measures, such as AI configuration monitoring, is highest in regulated industries, such as government, financial institutions, and healthcare that are driven by security and trust mandates and target buyers who desire to run their own AI systems and models. .
Gartner analysts will discuss more cloud security topics at the Gartner IT Symposium/Xpo, taking place November 11-13 in Kochi, India. Media recording can be booked via (email protected).
(The author is Lawrence Pingree, VP Analyst at Gartner, and the opinions expressed in this article are his own)
