# Multicloud Security Challenges Will Persist in 2023
Source URL:
https://www.darkreading.com/zscaler/multicloud-security-challenges-will-persist-in-2023
Date: 20230125T1700
Cloud transformation has become a strategic advantage for many
organizations, providing convenience, cost savings, and near-permanent
uptimes compared with on-premises infrastructure. At the same time, the
move to cloud has also increased the attack surface, resulting in an
uptick in criminal activity targeting cloud environments. As we roll
into 2023, fears about a potential recession and a corresponding desire
to cut costs are renewing urgency to move to the public cloud.
For organizations to successfully secure cloud environments, they must
understand the critical risks that can be exploited by attackers to
infiltrate cloud environments. As with legitimate activity in the cloud,
attackers continue to evolve their approaches, so the challenges faced
in 2023 will be different than those faced in 2022 and prior. Here are
my top 2023 predictions.
## Multicloud Environments Will Continue to Compound Security Challenges
Multicloud offers numerous benefits, from avoiding vendor lock-in to
reliability, agility, and cost-efficiency. At the same time, however, it
brings additional layers of complexity, particularly regarding security
management. According to a recent report, [78% of organizations deploy
applications on more than three public clouds][1].
Moreover, the number of services available from the top three public
cloud providers (Amazon Web Services, Azure, and Google) is expected to
surpass 1,000, up from 750 today. In an effort to embrace agility and
innovation, security practitioners will need to find ways to support
these news services as soon as they are available.
With each cloud provider's unique capabilities enhanced and expanded
almost daily, organizations will have to invest in automated tools that
map new services to security and compliance frameworks, like NIST, CIS,
and others.
## Securing Developer Environments Will Become the Most Critical
Component
The continuous growth and diversity of application deployments are
creating an extensive attack surface for malicious actors. We have seen
cybersecurity incidents like SolarWinds, Kaseya, and Spring4Shell
significantly impact organizations.
On the other hand, we also see issues like Log4j, which recently
demonstrated how many organizations can be impacted due to software
vulnerabilities. Hence, we expect securing developer environments will
become one of the most critical components for organizations in 2023.
## DevSecOps Tool Sprawl Will Begin to Consolidate
According to Gartner, of those organizations that have implemented a
DevSecOps pipeline for cloud security, "these organizations have
manually stitched together DevSecOps with 10 or more disparate security
tools — some old and some new — each with siloed responsibility and view
of application risk."
Recognizing the overhead with managing so many tools, and the challenges
with achieving consistent policies across cloud providers and services,
information security teams will increasingly standardize on broader
platforms, such as cloud-native application protection platforms, at the
expense of point products, such as cloud security posture management,
infrastructure-as-code scanners, and cloud workload protection
platforms.
## Focused Approach for Data Protection
Monitoring data across multicloud environments has been an unsolved
problem for a couple of years for most organizations. When production
workloads are moved between multiple public cloud environments, it
becomes difficult to track data or access permissions. Tools for cloud
service providers have limitations to secure data in multicloud
environments.
In 2023, organizations need to adopt new tool sets and new mindsets, and
make a greater effort to detect, classify, and enforce policies to
secure sensitive data. We expect data protection to be at the center of
the cloud security strategy to avoid increasingly high-profile, complex
cyberattacks and data breaches.
## Do More With Less
The current economic climate is pointing toward a trend of tighter
budgets in 2023. To combat this challenge, leaders will be consolidating
tools, processes, and expertise with a more collaborative approach.
We'll see wider use of cross-functional teams with even greater ROI
focus to boost efficiency and reduce complexity.
## Cybersecurity Hiring Will Remain a Challenge
According to the [(ISC)2 2022 Cybersecurity Workforce Study][2], there
is a shortage of 3.4 million cybersecurity workers worldwide. With
limited staff, we expect security leaders to emphasize security
automation with risk-based prioritization.
## How to Stay Safe in 2023
Based on our experience of investigating attacks and related incidents,
we believe that security leaders need to focus on the following tactics
and techniques:
* Cloud security approach and strategy: With the prevalence of large-scale cloud-native deployments, adopting a more modern, agile, and integrated cybersecurity approach is mission-critical.
* Select the right tooling: Shifting to robust security with the right solutions and level of expertise, over security layers and threat intelligence.
* Prioritizing visibility: Gain insight and control over the complex cloud environment covering threats, risks, and vulnerabilities in the cloud.
* Data security in focus: Secure data in large, dispersed environments with strategic integrated data protection and DLP approach.
* Threat intelligence, advanced correlation, and machine-learning techniques: Use a combination of advanced techniques to stay ahead of bad actors and proactively reduce risk.
* Automate and maintain continuous compliance standards.
* Team collaboration: Distribute and delegate security responsibilities using automation across the organization.
[1]:
https://www.virtana.com/press-release/virtana-research-finds-more-than-80-of-enterprises-have-a-multi-cloud-strategy-and-78-are-using-more-than-three-public-clouds/
[2]:
https://www.isc2.org/Research/Workforce-Study
