In today’s multicloud environment, you can’t protect what you can’t see

Check out the Low-Code/No-Code Summit on-demand sessions to learn how to successfully innovate and achieve efficiency by improving and scaling citizen developers. Watch now.

For organizations to win the ever-increasing fight against increasingly sophisticated cyberattacks, business leaders need innovative multi-cloud solutions that enable customers to connect and protect any workload in any location delivered through SaaS applications. On-premises security protocols of the past had to evolve to meet the IT needs of 10 years ago, and now cloud security must catch up with the reality of today’s hybrid workforce.

Adoption of tools like Salesforce, Slack, Google Workspace, and Zoom has only accelerated during the pandemic, with organizations of 1,000+ employees using more than 150 SaaS apps on average. The need to protect your most critical cloud applications from cyberattacks is more prevalent than ever, and it’s not going away any time soon. With this in mind, business leaders are under pressure to ensure that security protocols, budgets and preparations are in place.

IT and security teams need more visibility

A recent report showed that 94% of businesses rely on cloud services and SaaS applications to operate in today’s hybrid workforce and store sensitive data. When a single application is breached, an organization’s entire suite of applications, and the sensitive data behind them, becomes available to cybercriminals. We saw this with the recent GitHub breach, and it won’t be the last time bad actors breach an organization’s critical infrastructure via an application. There is a shared responsibility that must be recognized between SaaS application providers and the security teams within the organizations deploying the applications to ensure visibility into all network activity.

To stop these growing threats, IT and security teams need more visibility into the current work environment that others can’t see. If they can’t see what tools are being used or who has access to them, they won’t be able to protect the network. We’ve seen massive cloud adoption over the last five years, and now we need to bring visibility along with it. It is important not to forget the basics of security. As a decision maker, you made the right decision to move to the cloud; now you need to make sure the environment is secure.

Organizations must prepare for an increase in lateral movement

According to our recent survey, lateral movement was seen in 25% of all attacks, with cybercriminals leveraging everything from file storage applications (46%) to enterprise communications platforms (41%) to poke around internal networks . A full-fidelity threat intelligence solution is needed to protect enterprises against threats targeting the applications and tools their businesses depend on to operate.

Not all apps are created equal from a security standpoint. As a business decision maker, you need to have a 360° view of the risks your business faces, gain better visibility, and shift budgets to cover your most critical IT, cloud, and security needs. Advanced techniques are being used to make the attacks more destructive and targeted. Cybercriminals are achieving this through emerging techniques and, catalyzed by the shift to remote work, 32% of respondents have also experienced adversaries leveraging enterprise communication platforms to move around a given environment and launch sophisticated attacks. This means cyber attackers access sensitive data in the cloud, from financial information like payroll and human resources data to information about your customers and vendors, putting your entire business at risk.

Businesses must prioritize cloud security tools amid budget cuts and economic uncertainty

Security teams have spent years of their lives in the non-cloud world and are aware of the gaps and shortcomings. As a result, they are now allocating a budget line to the cloud, but that mentality is not working. The more aware you are as a business decision maker, the better you can see budget needs and risks. You can’t cut incremental spend from one area of ​​your budget and put it all in the cloud. The most important thing to consider when allocating or adjusting your budget is the ROI you get from the tools. You need to take a bit of a ruthless approach: if certain tools don’t show remarkable performance, you should move on. The cloud is here to stay, and you need to focus on investing in and protecting it.

As we look ahead to 2023, I expect it to be the year of large-scale, high-volume cloud-based cyberattacks. It’s up to business and security leaders to ensure the right cloud security protections are in place to prevent and stop these threats. Organizations have gone through years of cloud migration and infrastructure upgrades, so the opportunity for risk is there. Cybercriminals have been honing their own skills and are poised to breach organizations and obtain critical information. Without the necessary security and visibility protocols, a perfect storm is created. It is critical to get out of this now.

Scott Lundgren is CTO of the VMware Security Business Unit and a member of the founding team of Carbon Black.


Welcome to the VentureBeat community!

DataDecisionMakers is where experts, including data techies, can share data-related insights and innovation.

If you want to read about cutting-edge ideas and up-to-date information, best practices, and the future of data and data technology, join us at DataDecisionMakers.

You might even consider contributing an article of your own!

Read more about DataDecisionMakers

Leave a Comment