What vulnerabilities are obscured by your cloud environments?

As organizations expand and increasingly invest in more cloud applications and services, their cloud footprint grows and often becomes more complex. That’s why it is critically important to regularly reevaluate the security of those cloud assets to ensure that everything is secure, and the required processes and procedures are being upheld.

The growth in cloud services continues unabated. In fact, according to Synergy Research, spending on cloud infrastructure increased 19% in 2023. The increase in Q4 2023 from the previous quarter was “by far the largest quarter-on-quarter increase ever achieved,” according to the research firm.

Gartner, Inc., projects a 14% increase in global spending on security and risk management in 2024, attributing the increase to the impacts of cloud, hybrid workforce, generative AI, and the regulatory environment. The good news is that Gartner says organizations are adopting technical security capabilities for greater visibility and responsiveness across their digital ecosystems.

Still, cloud security spending is expected to grow by 24.7% from 2023, as organizations dole out $7 billion this year for cloud access security broker (CASB) software and cloud workload protection platforms. That’s on top of $90 billion being spent on security services, including consulting, IT outsourcing, implementation, and hardware support.

Regaining control with AI and automation

With developers turning to generative AI for faster code development, security teams face new challenges in staying up to date on how the organization’s security posture is being impacted. The problem has overwhelmed human teams, which are eagerly looking to AI and automation to regain control.

The numbers of cybersecurity common vulnerabilities and exposures (CVEs) continue to mount year over year, with almost 29,000 reported in 2023 alone.

“No human in the modern enterprise can go through code line-by-line to identify the root causes of all those vulnerabilities,” says Amol Mathur, senior vice president of products for Palo Alto Networks’ Prisma Cloud cloud-native application protection platform (CNAPP).

Palo Alto Networks Unit 42 Cloud Threat Report reports that sensitive data such as personally identifiable information, financial records, and intellectual property are found in 66% of storage buckets and 63% of exposed storage buckets. Meanwhile, according to Unit 42, cloud users are repeating the same mistakes over and over, with 5% of their security rules triggering 80% of alerts.

Mathur suggests that cloud security decision-makers ask the following of their vendors and service providers:

• Why is a platform approach needed to ensure proper cloud security?
• Does your cloud security platform provide code to cloud protection?
• Is the platform applying the concepts of artificial intelligence and machine learning to “do the heavy lifting” on those tasks that require a lot of expertise, which many organizations lack?
• Does the platform prioritize vulnerabilities to  focus on what threats are most critical?

• Does the platform provide security and developer teams with the necessary context into vulnerabilities so they can fix the problems in near real-time?

“Just finding an issue and throwing it at the end user is not going to help them,” says Mathur. “Organizations typically use separate tools for detection in source code, where risks manifest, and in runtime, where they are exploited, and there’s no intelligence connecting either of the tools.      

“Understanding the issue and how it needs to be remediated, and whether that can be done at scale is very important,” Mathur continued. “Taking that context, then applying AI and machine learning to prioritize what issues need to be addressed is essential to keep up with the threats. To keep pace with today’s cloud threats, organizations need an AI led cloud security platform that connects the left to the right or in other words – from code to cloud.”

To learn more, visit here.