Cloud security has become one of the fastest-growing sub-sectors of the cybersecurity market over the past five years, with organizations of all sizes in the market for tools and solutions that protect operations and data management.
According to IT consulting service Veritis, cloud spend accounted for 56 percent of total IT spend in 2022. Cloud security is a major part of this spend, according to HG Insights State of Cloud Security Report, $76 billion was spent on cloud security in 2022.
Lots of cloud security spend is segmented however, with 78 percent of organizations using over 50 products to address cybersecurity issues, according to a KPMG report published in 2020. This patchwork approach to cybersecurity can often be misconfigured, with security tools overlapping in their responsibilities and others not providing any form of value.
Cloud service providers and other cloud security solutions are attempting to fix this by building cloud-native application protection platforms (CNAPP), which are aimed at replacing this patchwork-style of cybersecurity with a single platform for cloud-native workloads.
In order for a CNAPP to work, it needs to cover a wide range of cloud security categories. Most providers already offer some of the main cloud security solutions as part of their platform, like infrastructure-as-code scanning, posture management, and workload protection. However, these providers need to be on the front foot for all new cloud security categories which may become necessities in the future. In HG Insights’ report we cited before, four categories of the future were identified as the future of cloud security:
Identity Access Management
Access management is important for businesses of all sizes and industries, as it provides the layers of protection and access that organizations need to ensure that employees and users can access resources in a timely manner, while preventing unauthorized access. This is done through the use of two-factor authentication, single sign-on systems, and privileged access management solutions. Microsoft, SailPoint, and okta are considered the incumbent leaders in this market. HG Insights sees evolutions in dynamic, just-in-time authorization for specific actions, alongside the use of machine learning processes to recognize historical patterns and resource sensitivity.
Having a solution that covers identifying, fixing, and preventing vulnerabilities over the entire application lifecycle can ensure consistency in the development process, and enable organizations to root out issues before production. According to HG Insights, Palo Alto Networks is by far the largest application security provider with more than double the client base of the next largest competitor. It sees AppSec becoming more aligned with AppDev in the near future, to catch vulnerabilities at the earliest stage of the development cycle.
With the amount of data flowing through businesses, it is impossible for humans to be in charge of detecting all security compromises. Tools which automate this process are in high demand, and Splunk and Cortex the incumbent providers of security automation services. Holistic automation services are expected to be the next step in this market, with low or no-code workflows to enable non-IT teams to build automated security programs.
Protecting data and securing sensitive data from interception or unauthorized acccess are the key pillars of data security. This also includes protecting data from corruption or destruction by internal or external actors. Data security providers are responsible for a large remit of security tools, including DDoS mitigation. The maturation of AI is expected to be of major importance to this market, and providers will look to add developer-friendly data access to limit the risk of breaches.