In the chess match that is cybersecurity in the cloud, enterprises are moving their “pieces” to the wrong places. What’s more, they begin the game at a disadvantage because their opponent—the threat adversary—usually makes the first move. And security operations center (SOC) teams often don’t realize where that first move occurred until days or weeks after it happened (or longer), which allows the adversary the luxury of time to do considerable damage.

The result is an onerous cycle of constant configuration changes to counter the escalating volume, velocity and variety of threats. Consequently, businesses are under pressure to develop a better plan quickly, given the cloud’s increasing ubiquity: Cloud adoption has reached near-universal levels, with 96 percent of organizations using it in some form, according to research from RightScale. On average, companies are using nearly five different cloud environments at a time. Just over one-half are pursuing a hybrid cloud strategy, compared with only 1 in 5 committed to multiple public clouds and 1 in 10 deploying multiple private clouds.

Security ranks as the top challenge of this cloud activity, as cited by 77 percent of businesses—with 3 in 10 describing it as a “significant” challenge, according to the RightScale research. In another survey from Oracle and KPMG, the inability to maintain secure configurations for cloud-located workloads ranked as the top cloud security challenge, as cited by 2 in 5 cybersecurity and IT professionals. A lack of visibility also creates major issues, as 7 in 10 of these professionals said their organization is able to collect and analyze no more than 60 percent of their security event/telemetry data.

Companies are struggling because, as indicated, they’re directing their resources to the wrong places. They layer defenses around their most important data assets, which may establish protection when these assets are on-premises. However, when they extend to partners and providers in multiple private and external cloud environments, it’s virtually impossible for traditional tools to police the entire hybrid ecosystem—where it only takes one missed intrusion or accidental data exposure to trigger costly consequences.

That’s why it’s essential to stop trying to control the servers that support files and activity and instead direct resources to the areas where hybrid clouds summon data to enable on-demand workload computations and business decision-making. By focusing on workloads, you’re no longer thinking about security in terms of walls and borders. You’re protecting the points in cloud computing where users access data to do something. After all, this is where breaches and compliance problems emerge.

We call this “cloud workload protection,” a market that is expected to grow to $6.7 billion by 2023, up from $2.25 billion in 2018, according to a forecast from MarketsandMarkets. Clearly, we are approaching a period in which CIOs, CTOs, chief information security officers (CISOs) and other enterprise IT decision-makers will need to carefully consider acquiring and deploying these solutions. We believe that the following factors will drive them to go in this direction:

Cloud protection requires a completely different—and transformational—game plan than on-premises protection. Companies are embracing the concept of digital transformation. Two-thirds of organizations, in fact, are actively pursuing this, and 3 in 5 executives rate their business as “mature” in their progress. Cloud migration, of course, plays a critical role in achieving this. But you can’t ignore the transformation of cybersecurity techniques as part of your strategy. When everything is moving to the cloud, SOCs do not have the same level of control over data, files and activity. Traditional approaches will inevitably fail “out there” because they lack the needed flexibility for effective prevention and protection. By building policies and practices around the cloud workloads, you’re taking the next, key step along the path toward a true transformation.

Organizations will benefit from stronger regulatory compliance. Teams are under pressure to satisfy the regulations of their industry, whether it’s Sarbanes-Oxley and SEC rules for public companies, the Health Insurance Portability and Accountability Act (HIPAA) for healthcare practitioners or the Payment Card Industry Data Security Standard (PCI DSS) for retailers and financial institutions. More recently, the European Union’s General Data Protection Regulation (GDPR) requires companies to proactively build data protection into the business processes behind their products and services. By investing in tools that address cloud cybersecurity from a workload perspective, corporate leaders readily demonstrate to regulators that they’re allocating resources to where the threats emerge, establishing a higher degree of data defense.

Cloud workload protection brings a better way to identify your assets and activity in the cloud—and secure them at scale. On-premises assets are relatively easy to track because they keep consistent IP addresses. But once they move to the cloud, IP addresses change constantly as workloads are rescheduled. If you, say, run a scan keyed by IP address, you’re engaged in a fairly unproductive exercise, since the address you scanned won’t map to the same workload for much longer. Cloud workload protection avoids this by tracking what are called globally unique identifiers (GUIDs) for workloads wherever they run; because the identifier is tied to the workload’s virtual machine or container rather than to an address, it provides a far more consistent basis for identification. In addition, workload protection solutions enable policy enforcement at the scale the cloud demands.
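The following is an added illustration of the point above, not code from the original post or from any product it describes. It simulates a small fleet in which a workload is rescheduled to a new IP address and an unrelated workload inherits the old one, then reconciles an IP-keyed scan snapshot against a GUID-keyed inventory to show which findings went stale and which workload the scan never saw. The workload roles, policy table and IP addresses are constructed sample data.

```python
import uuid
from dataclasses import dataclass

# Policy is attached to the workload's role, not to an address, so a
# GUID-keyed inventory lets it follow the workload wherever it is scheduled.
POLICY = {"payments-api": {"pci_scope": True, "allow_ports": {443}},
          "batch-worker": {"pci_scope": False, "allow_ports": set()}}

@dataclass
class Workload:
    guid: str   # stable identifier assigned once, at creation
    role: str   # selects the policy entry above
    ip: str     # changes every time the workload is rescheduled

def new_workload(role, ip):
    return Workload(guid=str(uuid.uuid4()), role=role, ip=ip)

def reschedule(w, new_ip):
    """Simulate the orchestrator moving a workload to another address."""
    w.ip = new_ip

def policy_for(fleet, guid):
    """GUID-keyed lookup: the answer stays correct no matter where it runs."""
    return POLICY[fleet[guid].role]

def reconcile(snapshot, fleet):
    """Compare an IP-keyed scan snapshot (ip -> role) with the GUID-keyed
    inventory. Returns (stale, unseen): stale maps each IP whose recorded
    role no longer matches what actually runs there to (recorded, actual);
    unseen lists the GUIDs of workloads the scan never covered."""
    by_ip = {w.ip: w for w in fleet.values()}
    stale = {ip: (role, by_ip[ip].role if ip in by_ip else None)
             for ip, role in snapshot.items()
             if ip not in by_ip or by_ip[ip].role != role}
    unseen = [g for g, w in fleet.items() if w.ip not in snapshot]
    return stale, unseen

def demo():
    """Constructed scenario: scan by IP, let the fleet churn, reconcile."""
    api = new_workload("payments-api", "10.0.1.7")
    fleet = {api.guid: api}
    snapshot = {w.ip: w.role for w in fleet.values()}   # IP-based scan result
    reschedule(api, "10.0.3.42")                         # PCI workload moves
    worker = new_workload("batch-worker", "10.0.1.7")   # old address reused
    fleet[worker.guid] = worker
    stale, unseen = reconcile(snapshot, fleet)
    return stale, unseen, fleet, api.guid
```

Running `demo()` shows the IP snapshot still labelling 10.0.1.7 as the PCI-scoped API while a batch worker actually sits there, and the relocated API absent from the scan entirely, whereas `policy_for` keyed by GUID returns the right policy for it.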

To win in chess, you must stay at least one step ahead of your opponent, by anticipating what you have that’s valuable and then developing strategies to keep it “safe.” Workload protection functions very much in the same manner, only at a far greater scale: You apply GUIDs to track workloads as they go from place to place in the cloud, so you maintain absolute visibility everywhere that activity occurs which could impact your assets, i.e., you’re always “there” before the adversaries arrive. This immediately positions you to more effectively protect what you have while preventing future threats. In most cases, the bad guys will swiftly recognize that they’re wasting their time, and move on, because no one—especially them—likes to be on the losing side of “checkmate.”

— Kaus Phaltankar