Top 3 - Cloud Security Predictions for Cloud & AI built on Cloud!
After over 50 conversations with Cloud Security and AI Cybersecurity experts over 2024, we finally have our Top 3 Predictions for Cloud and AI built on Cloud for 2025! You are the first to read it! 🤫 This will be shared publicly next week from Cloud Security Podcast, so please keep this to yourself and people close to you until then! Enjoy!
Happy New Year! & Hello from the Cloud-verse!
This week’s Cloud Security Newsletter topic is Top 3 Cloud Security Predictions for Cloud & AI built on Cloud!
In case this is your 1st Cloud Security Newsletter, you are in good company!
You are reading this issue along with your friends and colleagues from companies like Netflix, Citi, JP Morgan, LinkedIn, Reddit, GitHub, GitLab, Capital One, Robinhood, HSBC, British Airways, Airbnb, Block, Booking Inc & more who subscribe to this newsletter and, like you, want to learn what’s new in Cloud Security each week from their industry peers, as do the many others who listen to Cloud Security Podcast & AI CyberSecurity Podcast every week.
Cloud Security Topic of the Week
Top 3 Cloud Security Predictions for Cloud & AI built on Cloud!
Welcome to this week's edition of the Cloud Security Newsletter!
This week, we dug deep into insights from our conversations with over 50 Cloud Security professionals at 2024 tech conferences on Cloud & AI, top-of-mind topics fresh from Advent of Cloud Security last month, and interviews from Cloud Security Podcast.
Thank You Gift - This is your early access to the Top 3 predictions, as a thank you for supporting and telling your friends about Cloud Security Newsletter in 2024.
Prediction 1: Runtime Cloud Security enriched with Posture Management Insights
👉🏾 tl;dr - In 2025, runtime security will be the most talked-about topic in Cloud Security, as more organizations shift the triage of cloud environment security threats over to the Security Operations team, who will need “real time“ data from impacted resources to triage at scale and create appropriate detection rules in their SIEM of choice.
Cloud Security in 2025: 1 step back to take a huge leap forward.
Fall of CSPM & Rise of CNAPPs (early 2010s-2023)
In the evolution of how Cloud Security professionals have worked on cloud security, a large majority of us primarily focused on compliance drift and on fighting the battle between agent vs agent-less ways of collecting cloud data with the help of Cloud Security Posture Management (CSPM).
Over the years, CSPM matured into the Cloud Native Application Protection Platform (CNAPP), which can look after complex infrastructure types like Kubernetes while also showing us the attack path for why a misconfiguration can be exploited across more than 2 or 3 Cloud Service Providers. Whether a cloud “misconfiguration” is actually a “vulnerability” is still up for debate. More on that in a future newsletter issue. Everything seems good so far with CNAPP, right? Well...
The “Runtime” Cloud Security (2023 - Present)
Of all the real time data that the CNAPP providers were sharing with attack paths, a large majority of it was sitting in the “misconfiguration“ bucket. This meant the cloud security team would have to work with the DevOps or Platform team to get time taken out of their precious sprints to investigate and resolve the misconfiguration, if the resource was still present. This led to the dreaded “Wall of Red“ of CSPM/CNAPP alerts that were being ignored for weeks and months.
This changed with the surge of AI and related workloads being created in abundance across all cloud environments for most cloud consumers. A lot of cloud security teams’ focus shifted toward building guardrails for AI workloads and, where needed, enforcing frameworks to prevent data leakage. The icing on the cake was that the CNAPP and CSPM providers were still sending alerts.
Why is Runtime the current answer?
The cloud security teams had to start shifting to a more proactive approach to how cloud security is implemented from the beginning, to stop the growing “Wall of Red“. This meant the existing alerts and misconfigurations needed to be triaged by someone.
Security Operations (SOC) teams, who have always triaged & stopped any current threat faced by any company at any time of the day, stepped in. There is a problem here though: the CNAPP/CSPM data is never truly real time, as it lacks the context of the application the resource is hosting and of the data centre environment connected to the cloud environment.
How will Runtime work?
“eBPF“ came to the rescue here. This Linux kernel capability, which can run isolated programs for networking, security, observability & tracing use cases, worked well with the agents already installed on application workloads that have the context of cloud and Kubernetes.
Seeing the benefits, many vendors have already adopted “eBPF“ as part of their agents to provide more insights on the workloads running in the cloud.
Security Operations are the new owners of Cloud Security
Now that more real time insights are being provided, and with existing logs and insights available from other cloud and data centre environments, Security Operations teams are able to phase out the need for Cloud Security Engineers to triage and filter false positives. Instead, the SOC team will be able to use insights from this real time data, combined with the posture management information, to quickly disregard false positives and triage actual security events.
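As an added illustration of the "runtime enriched with posture" triage described above (example code written for this issue, not from the newsletter or any vendor), the snippet below joins constructed CSPM-style findings with constructed runtime-agent events on the same resource: a finding that is corroborated by matching runtime activity is escalated for the SOC, while findings on idle resources stay on the platform team's backlog. The rule table, finding shapes and event kinds are all hypothetical.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:        # one CSPM/CNAPP posture finding (shape constructed for this example)
    resource: str
    issue: str
    severity: int     # 1 (low) .. 4 (critical), as reported by the posture tool

@dataclass(frozen=True)
class RuntimeEvent:   # one event from a runtime (e.g. eBPF-based) workload agent
    resource: str
    kind: str         # "inbound_conn", "outbound_conn", "process_exec", "file_open", ...
    detail: str

# Which runtime event kinds show that a posture issue is actually being reached.
# Hypothetical rule table; a real one is far larger and vendor specific.
CORROBORATING = {
    "sg_open_to_internet": {"inbound_conn"},
    "container_runs_as_root": {"process_exec"},
    "imds_v1_enabled": {"outbound_conn"},
}

def triage(findings, events):
    """Rank posture findings using runtime activity seen on the same resource."""
    by_resource = defaultdict(list)
    for ev in events:
        by_resource[ev.resource].append(ev)
    ranked = []
    for f in findings:
        evs = by_resource.get(f.resource, [])
        hits = [e for e in evs if e.kind in CORROBORATING.get(f.issue, set())]
        if hits:        # misconfiguration plus matching activity: SOC works it now
            status, score = "runtime_corroborated", f.severity + 2
        elif evs:       # workload is live but nothing has touched the weak spot yet
            status, score = "posture_only_active", f.severity
        else:           # idle resource: stays on the platform team's backlog
            status, score = "posture_only_idle", f.severity
        ranked.append({"resource": f.resource, "issue": f.issue, "status": status,
                       "score": score, "evidence": [e.detail for e in hits]})
    return sorted(ranked, key=lambda r: r["score"], reverse=True)

# Constructed sample data (203.0.113.0/24 is a documentation address range).
FINDINGS = [Finding("i-web-01", "sg_open_to_internet", 3),
            Finding("pod/api-7f", "container_runs_as_root", 2),
            Finding("i-batch-09", "imds_v1_enabled", 3)]
EVENTS = [RuntimeEvent("i-web-01", "inbound_conn", "203.0.113.5:41022 -> :22"),
          RuntimeEvent("pod/api-7f", "file_open", "/etc/passwd")]
```

Running `triage(FINDINGS, EVENTS)` puts the internet-exposed instance with a live inbound connection first; the root container is live but has no matching exec event, so it is ranked below the idle batch host whose posture severity is higher.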
This week's Issue is sponsored by Cloud Security Bootcamp
If you are looking to upskill your AWS Cloud Security or Kubernetes on AWS Cloud knowledge, you might want to check out Cloud Security Bootcamp.
Sign up today for the upcoming AWS Security & Kubernetes Security January 2025 MasterClass and learn what Cloud Security Engineers and Architects do for work, with labs and walkthroughs of the AWS services used to build applications in Cloud, covering AWS Security, Amazon EKS & more.
Prediction 2: Security Operations Centre (SOC) Teams are the new owners of Cloud Security (Detection & Response)
👉🏾 tl;dr - Security Operations Centre (SOC) teams will play a bigger role in cloud security detection and response going forward, so the cybersecurity grand daddies who have always focused on runtime threat intelligence will be the stars of the coming year, helping SOC teams work through cloud alerts alongside those from other environments.
Traditionally, when an organization went through a digital transformation with the creation of a DevOps team and later Platform teams, there was a clear distinction: Cloud Security Engineers were more like Security Engineers putting in the plumbing for a CSPM or CNAPP to talk to all the cloud environments, while also trying to respond to misconfigurations and working with DevOps and Product teams to resolve them based on risk priority.
This changed in the last couple of years: cloud security engineers wanted to work more on building a Cloud Security Baseline instead of being constantly fatigued by the fire hose of CSPM & CNAPP alerts. Growing businesses that were acquiring other companies also found that bringing a whole new cloud environment under their existing wing meant more time building a baseline, rather than standing in front of yet another firehose of CSPM & CNAPP alerts.
With maturity and more time in cloud, organizations also started to understand what they were building in Cloud, and the true concern became real time threats impacting the cloud environments. They also wanted to know what was going on at the edge network, on-premise data centres & OT environments, which may have a root cause in the cloud environment.
Security Operations (SOC) teams, already responsible for real time threats across the entire organization footprint and not just the cloud, fitted the bill to take on such a responsibility. This led to a market category for CADR, and to a new challenge for SOC teams: a technology they may not be that skilled in.
Now there is a need to train SOC teams to understand cloud services, what the common threats in cloud are, and how to create detection rules for cloud across complex infrastructure like Kubernetes, not just virtual machines.
In terms of vendors facilitating this, those focusing on runtime and bringing analytics, alerts, logs etc. from multiple environments (data centre, cloud, IoT etc.) would be the winners of this era. Fortunately, a lot of cybersecurity grand daddies have long been experts in threat intelligence, so this should be a walk in the park for most of them.
Prediction 3: Rise of the DNAPP Category for native security of AI Applications in Cloud
👉🏾 tl;dr - AI Security in Cloud will bring about the creation of a DNAPP category, as the majority of security for AI applications in Cloud will focus on data security & 3rd party management, with a small sliver actually standing out as true Security for AI.
AI for Security or Security with AI, whichever camp you want to focus on in 2025, most of it is being built in cloud environments (primarily AWS & Azure, thanks to their partnerships with the Claude & OpenAI providers).
There are 2 sides to building an AI application in Cloud: (1) Cloud misconfiguration of cloud native resources; (2) Data detection, security & response to a data-related security incident.
(1) Cloud Misconfiguration of Cloud native resources
The traditional CSPM and CNAPP were falling short on showing what kind of AI is being used in the cloud environment and which resources are focused on AI.
This meant that vendors in this space had to be creative, which led to the creation of the AI-SPM category. AI-SPM covers both data security and cloud misconfiguration, so there is a picture of where the current risk is: my data, or the cloud native resource itself.
(2) Data Detection, Security & Response to a data related security incident.
As a CISO, I have a great Data Security Policy, a Data Privacy team, etc. However, knowing "what" type of data was "where" at a given point 😅 was a can of worms no one wanted to open, especially in a world where employees can bring their own personal phone into the workplace.
With the growth of AI usage, or rather experimentation, in the majority of organizations, the "location" and "type" (PII, PHI etc.) of data is paramount to start making quick decisions on AI projects and what data types they can work with.
Data Security Roadmaps are part of Security Programs in 2025. DSPM, as a category of solution, is the posture and discovery opportunity that currently seems to fit the bill. Similar to how CSPM was the first phase of Cloud Security, DSPM for now fits the posture and data location part of the challenge.
But there is a Gap for CISOs!
However, what is happening to the data at "run-time", e.g. is Ashish copying a large amount of PII from my cloud environment, and not just from my email, will be the next challenge. DLP has existed for some time, but not for "native" workloads, e.g. cloud native or cloud hosted.
The existing DLP market has found addressing the cloud native space challenging, so a DSPM company becoming a DLP will be the next obvious step.
DNAPP, as I would like to coin it, with love & blessing from my LinkedIn community of course: the DSPM and DLP markets will converge in an AI and Cloud Security world.
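As an added example of the "data at run-time" gap described above (written for this issue, not code from the newsletter or any DSPM/DLP product), the snippet below combines a constructed DSPM-style classification of storage prefixes with constructed object-access log lines and flags a principal whose reads of one data class exceed a class-specific byte threshold inside a sliding time window. The log line format, prefixes, thresholds and window are all hypothetical.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed DSPM-style inventory: which storage prefixes hold which data class.
CLASSIFICATION = {"s3://hr-exports/": "PII", "s3://clinic-records/": "PHI",
                  "s3://public-assets/": "PUBLIC"}
# Hypothetical per-class ceilings: bytes one principal may read inside the window
# before we alert. Sensitive classes get a much lower ceiling than public data.
THRESHOLD = {"PHI": 10 * 2**20, "PII": 50 * 2**20, "PUBLIC": 2**40}
WINDOW_S = 600   # sliding window, seconds

def classify(uri):
    # Unknown data is a DSPM discovery gap; it is reported as UNCLASSIFIED and not scored.
    return next((c for p, c in CLASSIFICATION.items() if uri.startswith(p)), "UNCLASSIFIED")

def parse(line):
    # Constructed log format: "<ISO8601 UTC> <principal> <operation> <object uri> <bytes>"
    ts, who, op, uri, size = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return when, who, op, uri, int(size)

def detect_bulk_reads(lines):
    """Return (principal, class, bytes) when one principal's reads of one data class
    exceed that class's threshold within any WINDOW_S span."""
    reads = sorted((r for r in map(parse, lines) if r[2] == "GetObject"), key=lambda r: r[0])
    series = defaultdict(list)           # (principal, class) -> [(time, bytes)]
    for when, who, _, uri, size in reads:
        series[(who, classify(uri))].append((when, size))
    alerts = []
    for (who, cls), pts in series.items():
        limit = THRESHOLD.get(cls)
        if limit is None:
            continue
        total, start = 0, 0
        for when, size in pts:
            total += size
            while (when - pts[start][0]).total_seconds() > WINDOW_S:
                total -= pts[start][1]; start += 1   # slide the window forward
            if total > limit:
                alerts.append((who, cls, total))
                break
    return alerts

# Constructed access log lines; 'ashish' is the reader from the newsletter's own example.
LOG = [
    "2025-01-06T09:58:10Z ashish GetObject s3://hr-exports/payroll-2024.csv 31457280",
    "2025-01-06T10:01:40Z ashish GetObject s3://hr-exports/contractors.csv 26214400",
    "2025-01-06T10:02:00Z ci-bot GetObject s3://public-assets/logo.png 20480",
    "2025-01-06T08:00:00Z priya GetObject s3://clinic-records/intake.csv 6291456",
    "2025-01-06T09:30:00Z priya GetObject s3://clinic-records/labs.csv 6291456",
    "2025-01-06T10:02:30Z ashish PutObject s3://hr-exports/notes.txt 1024",
]
```

`detect_bulk_reads(LOG)` reports only ashish (55 MiB of PII within 4 minutes); priya's two PHI reads are 90 minutes apart, so they never share a window, and the public asset read stays far below its ceiling.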
🔗 Do you agree with my predictions? 📚
Respond to this email. I would love to hear your thoughts ❣️ 🙏
We would love to hear from you 📢 for a feature or topic request, or if you would like to sponsor an edition of Cloud Security Newsletter.
Thank you for continuing to subscribe, and welcome to the new members of this newsletter community 💙
Peace!