Cloud computing and the extended cloud service industry have become mainstream in today’s IT industry. To make it simple, cloud service offers cloud computing services, which provide IT resources on-demand through the internet and uses a pay-per-use pricing method based on subscription licensing and centralized hosting.
Speaking of the birth of cloud services, we must mention Marc Benioff in Silicon Valley. In 1998, Benioff started to build Salesforce when he was still working at Oracle. Oracle’s software requires millions of dollars in upfront costs, several years of internal deployment and ongoing maintenance costs. He also saw the trend of online simplicity led by the online bookstore Amazon, and he wanted such an innovation for enterprise software. Oracle cofounder Larry Ellison also invested US$2 million in the initial Salesforce and joined the Salesforce board of directors.
With the support of Ellison, Benioff founded a new company called Salesforce. Salesforce’s first innovation was not a function, but a new business model. He wanted to make software a public utility like the power industry, so he innovated the subscription price model of Salesforce. In this way, a new business model of cloud services was born.
Why is the cloud market booming now?
With the COVID-19 pandemic wreaking havoc the past couple years, many companies announced a work-from-home policy. Some budget-conscious employees also dispersed from where they originally lived to areas with lower costs. The elimination of this regional psychological restriction also gave management many new ideas.
For example, many employees can now work remotely, and even internationally in some cases. Some local service providers may be reconsidered with the replacement of cloud services due to the trend of multi-location collaboration.
Cloud services trends and some security solutions
In cloud services, it is generally difficult for the giants to monopolize the market. This provides more opportunities for market participants. However, in the SaaS vertical, industry barriers are high, preventing strong competitors from grabbing market share. Because of the continuing trends of the vertical coverage of each cloud software, cloud software subscribed by various companies has brought a new series of growth points to this market, including cloud integration security products and visualization solutions for multicloud/hypercloud apps.
One of the security solutions is Cloud Security Posture Management (CSPM), for which platforms offer integrations into the configuration of multi-cloud services. Organizations can use CSPM to consolidate any possible misconfigurations with the alerts of issues and possible risks and create a transparent platform with compliance frameworks considerations. To secure the data between in-house IT architecture and cloud environments, Cloud Access Security Brokers (CASB) are increasingly used in conjunction with CSPM. Also combined with API access, the CSPM may extend the capability with DevSecOps workflows to prevent the questionable codes and configurations from reaching production.
The vertical niche development of cloud also gives a chance to combine cloud and other emerging technologies to move the innovation forward. We have seen cloud solutions in IoT, blockchain, etc. The volume of data and processing requirements from cloud services also supports the further growth of artificial intelligence, machine learning and quantum computing areas, which indirectly triggered additional pain points and innovation solutions in cybersecurity industry. Some hot topics in this area include:
- The zero-trust model assures the users get access only to the information that they need based on the concept that there is no pre-defined level of trust ascribed to a user, workload, device, or network.
- Data protection between on-premises environment and cloud.
- Serverless computing with related security. Serverless computing is a cloud computing execution model in which the cloud provider allocates machine resources on demand, which reduces the headache of managing infrastructure. The organization may additionally build security around the functions within the applications hosted by third-party cloud providers.
- Edge computing with related security protection trends involves storing data and information in localized data centers closer to the devices that use them. The related security procedures are aimed at protecting data that lives or transports through devices out of centralized data centers.
- Security for computing-as-a-service: cloud quantum computing, which may help with the current slow speed of blockchain services. This includes security concerns of using cloud quantum computing resources to compromise legacy infrastructures. (People who are interested in this area are recommended to explore more on post-quantum cryptography.)
Data behavior and AI-based threat hunting in the hypercloud/multicloud
The concept of threat hunting assumes there were traceable compromises/potential intruders who can be detected proactively before any alerts are generated. Data behavior and AI-based threat hunting within and across each domain will largely improve the labor-intense and time-consuming methods of threat hunting.
Overall, cloud security is a big market with multiple solutions to address different security concerns. I’d like to encourage security innovators to explore more in this area because of the potential market size and the many pain points that can be addressed.
Editor’s note: For more on this topic, watch the recent ISACA LinkedIn Live session on cloud computing.
