The worldwide public cloud computing market is projected to reach nearly $500 billion USD this year, with projections to clear nearly $600 billion next year. It’s no surprise, given that nine out of ten survey respondents reported using at least one cloud service.
With so much cloud adoption, cloud security services are in high demand. However, they’re not all created equal, and they don’t all do the same things. So, how can an Extended Detection and Response (XDR) solution secure your cloud-based assets?
Gartner defines cloud security as “the processes, mechanisms and services used to control the security, compliance and other usage risks of cloud computing.” Pretty straightforward, and it is important to note that “the term does not encompass security services delivered from the cloud (security as a service) that are intended to be used outside the cloud.”
So, what are some of the key elements in securing the cloud? Infosec Institute lists five to note:
To provide government-backed best practices for cloud migration and the data protection that comes with it, CISA released their Cloud Security Technical Reference Architecture, which outlines the shared risk model for cloud service adoption, how to build a cloud environment, and how to secure it.
Generally speaking, cloud security controls are relatively straightforward: it’s simply securing your assets in the cloud in a “lift and shift” model, which can operate on the assumption that you’ve got one cloud of one variety (private or public).
However, in today’s IT environments, more complex cloud implementations arise. Companies are using private clouds, public clouds and hybrid clouds, which Gartner refers to as “a mixture of internal and external cloud services.”
In 2020, the hybrid cloud market was valued at over $50 billion, and by 2026, it is projected to clear $145 billion, according to Statista. A Cloud workload Protection Platform (CWPP) is built for the cloud use-cases of today, as 87% of organizations that use the cloud have a hybrid cloud strategy, according to research cited by TechPriceCrunch. As well, 96% of organizations surveyed reported using or evaluating Kubernetes, according to the Annual Survey 2021 by the Cloud Native Computing Foundation.
Hybrid or multi-cloud adoption continues to trend upwards and as a result, increasing cloud security requirements. Last year, 73% of security enterprises reported using two public clouds, and 26% percent were using three or more, according to one study. CIO Online notes that multi-cloud users see a 42% faster rate in application release and subsequent 35% increase in revenue, and four in ten spent less time on IT infrastructure and security incidents, so the benefits are obvious.
Microservices adoption is another primary driver of cloud complexity. Kubernetes has almost become synonymous with containerized services, microservices and VMS, and continues to skyrocket.
According to the same CNCF survey, nearly 70% reported using Kubernetes in production, and roughly 30% of backend developers use it. It makes sense, given that over half of IT professionals surveyed expect it to lower their costs by upwards of 20%, according to a report by Pure Storage.
And, of those Kubernetes users, nine in ten leverage cloud-managed services, reports DataDog: “Today, almost all containers are orchestrated, with Kubernetes used by over half of organizations.” And, according to another industry survey, “Respondents who used containers to deploy and manage microservices were significantly more likely to report success than those who didn’t.”
When considering companies are using more clouds (hybrid, multi), and are doing more within those clouds (microservices), it becomes apparent that increasingly complex usage instances demand cloud security considerations that can scale, and that’s where XDR comes into play.
An XDR solution for Cloud Workloads accounts for these complexities of cloud usage today, securing all cloud-based assets - be it single cloud, hybrid cloud or multi-cloud, and in various microservices-oriented and serverless architectures.
Gartner defines CWPP as “a “workload-centric security solution that targets the unique protection requirements” of workloads within a modern enterprise, which have grown to include not only physical servers, but containers, virtual machines (VMs) and serverless workloads.
This growing complexity demands increasingly complex cloud-based protection that can keep up. A robust solution should offer:
An XDR solution for Cloud Workloads should also support Zero Trust for cloud environments, providing the following benefits:
An XDR solution for Cloud Workloads not only allows you to securely (and confidently) accelerate development of cloud-native applications, but allows you to fully access the resources, technologies, and capabilities of the cloud without unbounded by security limitations and at the speed you can scale.
Cybereason XDR for Cloud Workloads secures cloud workloads, containers and hosts at unmatched speed and planetary scale. Cybereason is dedicated to teaming with Defenders to end attacks on the endpoint, across enterprise, to everywhere the battle is taking place. Learn more about AI-driven Cybereason XDR here or schedule a demo today to learn how your organization can benefit from an operation-centric approach to security.