Gartner Webinars

Gartner Outlook for Cloud Security
Neil MacDonald, Distinguished VP Analyst

RESTRICTED DISTRIBUTION © 2022 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates.

Your data center is the cloud. Your users, applications and data are everywhere. And your network is the internet. Are You Ready?

But cloud security is still security … and the cloud is part of every business

Polling Question 1 of 2
Do you have a separate team for cloud security?
A. No, it's always been handled by the security team
B. No, but we recently recombined the teams
C. Yes, there’s a dedicated cloud security team within the security organization
D. Yes, within our cloud center of excellence team
E. Yes, within the overall cloud architecture team

Key Issues
1. New business models mean new risks!
2. Not all clouds are the same — don’t treat them as if they are
3. Bring the cloud success to the enterprise
4. Futures

Digital Transformation Creates New Exposures
• Cloud migration approaches correlate to cloud-native services adoption
• Lift and shift along with security may work initially
• Application modernization leveraging containers and fPaaS will render some security approaches obsolete
[Figure: Cloud Migration Approaches. Labels: Replace, Lift and Shift, Lift and Optimize, Move and Improve, Refactor; SaaS (Choose a SaaS Provider), IaaS, Cloud Services, Containers, fPaaS; Application Design, Development; Application modernization]

New Security Threats — Container Example
[Figure: container threat vectors. Legible labels: Threat Vector 4: Image Registry; Threat Vector 6: Cloud Configuration; Threat Vector 8: Microservices Architecture (MSA) Communication and Network Segmentation]

Evolving Security Approaches for Cloud Native Applications
Cloud-native application protection platforms need to address:
– Runtime Protection
– Cloud Configuration
– Artifact Scanning
– DevSecOps Enablement

Key Issue Take-Away: Born-in-the-cloud enterprises and their security investments can be a guide to the future state of security

The Nuances of Split Responsibility
[Figure: responsibility matrix. Legend: Customer Responsibility; Shared or Contingent on Deployment Pattern; Cloud Provider Responsibility. Deployment models: Private/On-Prem, IaaS, CaaS, FaaS, PaaS, SaaS. Layers: Business Continuity, Identity and Access Management, Data, Configuration, Application, Application API, Workload, Virtual Network, Service Orchestration, Virtualization/Cloud Infrastructure, Physical]

Configuration
• Most breaches self-inflicted by configuration errors
• Massive complexity with identity and services
• SaaS is not “simple-as-a-service” – configuration complexities

• Establish appropriate baseline configurations
• Automate posture validation and management
• Use xSPM as appropriate for your environment
• Shift left and embrace Infrastructure as code

Through 2025, more than 99 percent of cloud breaches will have a root cause of a customer misconfiguration or mistake.

Identity
• Control plane for security
• Fine-grained and increasingly complex
• Evolving users & workloads need to be validated

• Federate your identity sources
• Enforce MFA everywhere
• Automate complex auditing with CIEM

Access Patterns Are Inverting, Changing Network and Network Security Architectures
[Figure labels: CIPS, Branch, Data Center, Internet, SaaS, Identity, Inversion]
Enable the “branch office of one” anywhere, anytime worker.

Data
• You own the data — what data is where?
• Mesh of connections!
• Assess data risk
• Do not ignore business continuity

• Protect data access in SaaS with CASB
• Use ZTNA with data security for IaaS and on-premises
• Encrypt your data and Hold Your Own Key
• Backup — but be aware of limitations in SaaS

… and then there’s Multicloud
• Microservices vs. SaaS security
• Shift to the left
• Balance of provider-native vs. third party
• ‘x’ Security Posture Management (SaaS, Network, Cloud, Kubernetes)
• Cloud Workload Protection Platforms
• Cloud-Native Application Protection Platforms

Cloud Security Tool Coverage
[Figure not recoverable. Source: Gartner]

Key Issue Take-Away: The cloud isn’t one thing. Securing the cloud won’t be one thing either.

Learning From Cloud to Secure the Enterprise
As more enterprise systems migrate to cloud:
• Assess cloud security successes
• Determine what can be brought back to on-premises/data center systems
• Look to control security from the cloud
• Seek to have as many common controls as possible
[Figure labels: Cloud, On-Premises]

Enterprise Security Enhancements After Cloud
[Figure labels: On-Premises, Cloud; Monitoring & Sec Ops, Application Security, Infrastructure Security, Network Security, Identity & Access, Data Security]
Common monitoring and identity fabric.
Common security tooling across all enterprise systems.

Key Issue Take-Away: Cloud security capabilities are likely newer and more versatile. Apply these to your on-premises systems where suitable.

Good Security Practices — Everywhere!
[Figure labels: Zero Trust Security Visibility; Application Security; Infrastructure Security; Identity & Access; Network Security; Data Security]

Cloud as a Catalyst for Security Transformation
• ZTNA for end-user access to apps
• Identity-based segmentation by default
• PAM/MFA for all administrative access
• Full monitoring and analysis of all activities
• Cloud-native applications offer opportunities:
  – Scanning of all components in development
  – Container admission control and process control
  – Identity-based segmentation for service-to-service communications
  – Immutable infrastructure adoption
Properly implemented, cloud-native applications deployed on cloud infrastructure will be the most secure applications your organization has ever developed and deployed.

The Future of Network Security Is SASE

Kubernetes: The New Cloud You Have to Secure
• Has its own IAM system and namespace
• Supports RBAC
• Common Networking Interface
• Configuration via YAML, Helm
• Optional service mesh
• Optional policies via OPA
• CIS Hardening Guidelines

Sovereign Clouds and Data Sovereignty
Secure Access to the Cloud
• Geofencing of data
• Geo-based routing
• Country-specific logging
• On-premises based inspection
Secure Usage in the Cloud
• External key managers
• Homomorphic encryption
• Differential privacy
• Bare metal as a service
• Confidential computing
• Distributed cloud

Distributed Cloud
76% of organizations prefer to have cloud computing at a location of their choice.
Definition: The distribution of public cloud services to different physical locations while operation, governance, and evolution of the services remain the responsibility of the public cloud provider.
By 2025, more than 50% of enterprises will use a distributed cloud option at the location of their choice.

Immutable Infrastructure
[Figure labels, in page order: Sec, Dev, “Make all updates and changes here”, Ops, “Runtime infrastructure is immutable”]
Organizations adopting DevSecOps and immutable infrastructure practices will reduce security incidents by more than 70%.

Polling Question 2 of 2
Which new cloud security tool are you investing the most in over the next 12 months?
A. SASE / (SSE) Security Service Edge
B. Cloud security posture management
C. Cloud access security broker
D. Cloud infrastructure and entitlements management
E. SaaS security posture management

Recommendations
• Prepare for more clouds of different types, not less
• Match your controls to your situation; SaaS, PaaS variants and IaaS
• Own and tightly control identity and privilege — and monitor!
• Automate configuration validation — across all clouds
• Get visibility and control of data in — across all clouds
• Shift left and work with your developers and in their world
• Use the adoption of cloud as a catalyst to adopt zero trust by default
• Seize opportunities to follow cloud approaches back to on-premises

Final Thoughts: We Need to Change Too …
• Think of security as guiderails, not gates
• The single biggest impact on security over time will come with an immutable infrastructure mindset combined with a zero-trust security posture
• Using more security vendors is not defense in depth
• Be open to switching and consolidating security providers:
  – SaaS-based management consoles
  – Full cloud integration — IaaS, PaaS and Kubernetes
  – Fully API-enabled, ability to shift left as needed
  – Support for containers and serverless
  – Pricing models that make sense