Six noteworthy cloud security trends in 2022

Many innovations have triggered a new wave of Technology —— From the prosperity of server free technology （ Allow companies to expand and build platforms at an unprecedented rate ） To the development of cloud automation and security . These innovations enable organizations to improve business agility and reduce costs ; But they also increase the attack surface , just as  IDC  As a recent report proves , The report emphasizes 98%  In the past  18  At least once a month, I have suffered from cloud security vulnerabilities .

Based on these changes , The following is expected to be in  2022  Major cloud security trends in .

1、 Server free growth

We see more and more organizations adopting serverless architecture in their platforms .Serverless It refers to those applications that completely rely on the services hosted on the third-party cloud to complete the server-side code logic and manage the state . Serverless architecture means that we can not only take advantage of cloud service providers  FaaS（ Function as a service ） service , You can also mine various available serverless products . With the introduction of new serverless products every quarter , It is important to understand the potential risks that may arise .

for example ,AWS Pinpoint  It's a kind of  AWS  service , It provides email 、SMS  Messaging and marketing tools , Easy to set up and start integration  Lambda、API  Gateway, etc. . With countless integration options and functions , It's for application developers and the cloud  IT  The team knows what the security configuration is , And the potential risks associated with these tools .

We also see things like “ No issue ” Architecture and the like are used across multiple  CSP  Of  FaaS  Architecture for more control . As control over these types of architectural decisions increases , There is a new way to consider security . We have been paying attention to these new models , And is studying how to consider security when using more serverless Services . In the coming year , We will pay close attention to serverless , And how best to protect it , At the same time, improve efficiency and reduce risk .

2、DevSecOps

More and more organizations are beginning to fully adopt infrastructure, that is, code  (IaC)  To create a completely autonomous cloud based environment . From a security point of view , Ensuring that the supply chain from code to production is protected and monitored is becoming a growing concern for organizations . We see that tools in this field are beginning to mature , And is implementing a new strategy . for example , You can perform pre verification of configuration and architecture , Make sure your architecture and code are compliant and secure before they go into production . In the coming year , We hope to see more third-party tools and native cloud services introduced , To better support the entire supply chain .

3、 Cloudy strategy

The cloudy strategy will continue —— Many enterprises are choosing the technology that best suits their platform , At the same time, we are also creating an elastic architecture utilizing multiple cloud service providers . We will soon see this model mature with multicloud security practices and tools . Besides , We see “ cloudy ” Surround the edge calculation , It will continue to expand to the factory floor , And branches and private data centers . We are monitoring the development of this field , And develop new ways to adopt a multi cloud strategy for the organization .

4、 Application structure

The line between application developers and infrastructure engineers has become very blurred . Developers are creating cloud architectures based on the services they are trying to use , Or create a new infrastructure from their code base . Cross functional teams began to work together , Think about how security plays a role in this new way of thinking . We found potential new attack vectors and security configurations that help customers understand the impact . We see that this trend continues .

5、SaaS Security

In the past year , We see the use of  SaaS  Violations of the platform have proliferated . With this growth , And we saw that  SaaS  The growth of security products and tools . One of these areas is  SaaS  Safety state management  (SSPM)  Tools .

SSPM  Is helping organizations to understand their overall  SaaS  Product portfolio , To ensure that they are in compliance with the pulse of the activity .2021  year , We see this  SSPM  About a dozen platforms have been adopted , But in  2022  year , We will see what these tools support  SaaS  The number of platforms has increased significantly . The organization began to create a stronger  SaaS  Security plan , The plan can cover their entire product portfolio , From the induction and validation of cloud based suppliers to their ecosystem  SaaS  Supplier monitoring and alerts .

6、 With attribute based access control  (ABAC)  Dynamic access policy

ABAC  Use tags to dynamically determine access rights . for example , If I have a label “ project ”, I can build a strategy , If the label on the body “ project ” The value of is the same as the label on the target resource or environment “ project ” The value of matches , Then grant permission . This allows for more scalable and reusable strategies , Simplify management and improve privilege isolation . Although many cloud service providers have not yet implemented this new approach in all services （ Minimize its utility ）, But we are happy to see the adoption and growth of this new method in the coming year .

As more and more organizations adopt work from home and mixed environments , And transfer the workload and data to the cloud , We need to protect the cloud supporting infrastructure from the beginning . Cloud is the driver of enterprise productivity , But it must be used with the safety first method , To minimize risk , At the same time, improve productivity .

The original is translated from helpnetsecurity, author Romke de Haan, Super technology translation , Please indicate the source and original text of the reprint of the cooperation site. The translator is super technology ！

Hi, I'm super technology

Super technology is an information security expert , Can defend without upper limit DDos Attack and CC attack , Alibaba cloud strategic partner ！