Cloud security predictions for 2024 include a retreat from the public cloud, a whirlwind of new software-as-a-service (SaaS) risks and a shift from the rush to build application protocol interfaces (API) to mitigating associated risks.
In this 2024 roundup of cloud predictions SC Media taps the InfoSec intelligentsia as a hopeful accurate sneak peek into the year ahead for security pros. The hope is these cloud prognosticators got the good stuff right (better API security) and were off on the bad stuff (sloppy SaaS security behind triggering large 2024 breaches).
This is SC Media's last 2024 look-ahead, part of a four-part series, which included the articles What’s new for ransomware in 2024?, 2024 cybersecurity forecast: Regulation, consolidation and mothballing SIEMs and Biggest AI trends of 2024: According to top security experts.
Cloud security: The good, bad and cloudy
All aboard the cloud train? Maybe not, says Igor Volovich, vice president of compliance strategy, Qmulos:
As large enterprises revisit their cloud strategy decisions, look for a shift to more self-managed, self-hosted architectures, with the resulting need for more traditional security models and approaches which have been largely supplanted by the mad dash to the cloud. CIOs and CISOs will likely find themselves asking their technology partners to support increasingly hybrid models or entire on-prem architectures that may require a top-down rethink of their risk, compliance, and security strategies, as well as realignment of investment priorities.
Kevin E. Greene
The move to private cloud, says Kevin E. Greene, public sector CTO, OpenText Cybersecurity:
With the current upswing in attacks to public cloud identity capabilities, I expect the U.S. government in 2024 to push agencies towards private cloud (or hybrid) to help reduce the attack surface and exposures with public cloud identity. Securing identities in cloud environments is foundational in controlling access to sensitive information and is the core principle that drives zero trust. The ongoing cyberattacks targeting identity in public cloud poses a significant threat to national security, the government must act swiftly to elevate cyber defense and urge agencies to rethink their architecture and strategies for zero trust.
Bar Kaduri
Cloud-native malware, says Bar Kaduri, research team leader, Orca Security:
As cloud services become increasingly interconnected and data transfers between various cloud platforms occur frequently, the risk of cloud-native malware infections rises with attackers becoming increasingly more sophisticated. Just a few weeks ago, an analysis of the Dagon Locker Ransomware by The DFIR Report showed how attackers are utilizing AWS knowledge to move within an AWS account and exfiltrate data. Leveraging existing cloud functionality and tools to conduct what appears like legitimate user activities, often known as masquerading, can reduce detection and allow for prolonged presence inside the cloud environment.
Elia Zaitsev
Enterprises should focus on securing the entire cloud state, says Elia Zaitsev, CTO at CrowdStrike:
The growth of cloud computing, the pace of DevOps, and the increased use of no- and low-code development platforms has led to an explosion of applications and microservices running within cloud environments. The speed and dynamic nature of application development makes it impossible for organizations to maintain a full picture of every application, microservice, database, and associated dependencies running in their environments. This creates a massive risk profile that cloud-savvy adversaries continually look to exploit. In 2024, enterprises must focus on securing their entire cloud estate — from both an application and infrastructure perspective — to win this battle.
Multi-cloud and cloud approaches come under scrutiny, says James Campbell, CEO and co-founder, Cado Security:
Regulators will scrutinize the multi-cloud strategy, emphasizing redundancy across cloud providers. Ensuring resilience and data availability will be paramount, urging businesses to diversify their cloud portfolios. Cloud Service Providers (CSPs) will also offer more multi-cloud security capabilities and feature sets to address market and customer needs.
We will add broader context to cloud security, says Marc Gaffan, CEO, IONIX:
While many solutions are available to manage cloud security posture — 2024 will be the year when organizations insist on getting better visibility and insights into their complete attack surface, including cloud and on-premises assets, together. In 2024, companies will break the silos between the cloud and on-prem security teams, understanding that cloud is just a part of the broad organizational attack surface, and that it is critical to assess cloud exposure in the context of the whole attack surface.
The sassy future of Software-as-a-service (SaaS)
Ariel Parnes
SaaS breaches will take center stage in 2024:, says Ariel Parnes, COO and co-founder, Mitiga:
As organizations increasingly rely on SaaS applications, 2024 will witness how these applications take a pivotal role in large breaches. The rapid adoption of numerous SaaS apps, sometimes with no visibility or control by the organization (“Shadow SaaS”), has created blind spots in many environments. The lack of visibility and control, coupled with the access these apps have to sensitive data, makes them attractive targets for cyber adversaries. Organizations will need to address these risks urgently, as SaaS applications are fast becoming the Achilles heel in cybersecurity.
SaaS applications is the next big attack surface in 2024, says Adam Gavish, CEO and co-founder, DoControl:
As many businesses shift to remote or hybrid work post-pandemic, a significant amount of SaaS applications have been downloaded for work use. In 2024, SaaS applications will present the next biggest attack surface that organizations have not yet addressed. Businesses are increasingly relying on cloud-based solutions for critical operations, which is expanding the attack surface and broadening the canvas for cybercriminals to exploit vulnerabilities.
Moreover, the rise in popularity of generative AI will make social engineering attacks become easier for SaaS identity account takeovers. Security teams will need to assess all the applications that have been installed by employees, determine which are necessary for business operations, and understand the attack surface each presents. In the new year, organizations will need to “clean up” their SaaS security posture and remove all unnecessary applications with extensive permissions. Security teams will need to develop a comprehensive SaaS security program to monitor application installations and manage security controls so they can avoid a major SaaS data breach in the new year to come.
SaaS will democratize the IT department, says Guy Guzner, co-founder and CEO Savvy:
Similar to how social media democratized the news, SaaS is poised to democratize IT. Third-party productivity and generative AI offerings are acting as gateways for employees to expect the freedom to leverage any tool to get their work done, irrespective of IT policies. This will create significant organizational challenges as IT and security teams grapple with the mass proliferation of unsanctioned SaaS usage. Ensuring that basic identity hygiene is maintained, identifying the lack of SSO and reused passwords, as well as effectively offboarding users when they leave will become both more difficult and more important than ever.
The API push for security
2024 will be the year for deploying API security strategies, not just deploying API security tools, says Nick Rago, Field CTO, Salt Security:
For many organizations in 2023, API security became a priority, but was treated as a security checkbox, where security teams were looking to augment their existing web application security tools. As APIs continue to proliferate in organizations spanning all industries at incredible rates, and risky security posture, misconfigurations and logic based vulnerabilities continue to plague security teams leaving threat actors a low barrier to breach, organizations are realizing they don't have a tooling problem, they have a strategy problem.
In 2024, we will see many organizations work on their API governance programs, to better help pave the roads, and put the security guardrails in place, to ensure a safer, more productive API-first journey. API production and usage will continue to increase, especially as many organizations in 2024 adopt more AI (artificial intelligence) driven processes and solutions in their business. AI needs data, and APIs are the vehicle for that data - and much of that data will be business critical or sensitive data. API sprawl is too risky in these scenarios.
Identity in the cloud: Dealing with split personalities
A new approach to security’s “identity crisis," says Wes Gyure, director of identity and access management, IBM Security:
As organizations continue expanding their cloud services and applications, each one brings its own disparate identity capabilities — creating a web of disconnected identity profiles and capabilities across cloud, on-premise systems and applications. In the past, organizations hoped to consolidate these identities via a single identity solution or platform, but in today’s reality organizations are coming to terms with the fact that this approach is neither practical nor feasible. In the coming year, organizations will move to embrace an “identity fabric” approach which aims to integrate and enhance existing identity solutions rather than replace them. The goal is to create a less complex environment where consistent security authentication flows and visibility can be enforced.
Threat hunting in the cloud
Threat hunting expands to cloud and internal systems, Josh Lemon, director of managed detection and response team, Uptycs:
Organizations will need to broaden their threat-hunting to a better understanding of how their cloud and internal systems work together. Threat actors are less concerned with if they are compromising a cloud or an on-prem system, but for threat hunters, this is important as the evidence sources available are very different.
