HIT Think

How the shift to the cloud could affect 3 data security trends

Register now

The year 2018 proved to be unlike any other for security professionals. From high-profile breaches and heavy government scrutiny to new data privacy regulations, the year ended up being quite eventful.

A key theme from 2018 was the ongoing rise of cloud adoption. Organizations everywhere are continuing to migrate because of the cloud’s ability to provide increased efficiency, collaboration, and flexibility.

Fortunately, with this continued adoption of cloud has also come an emphasis on cloud security. In particular, the enterprise is focusing more than ever on using and securing cloud infrastructure. As a result, Gartner projects that infrastructure as a service (IaaS) will grow to be a $39.5 billion market by the end of this year.

Have organizations learned from their security lapses of the past year? Will they be able to keep up with the quickly changing security landscape to protect their assets in new infrastructure-as-a-service environments? Here are three trends we can expect to take shape in 2019.

With more cloud activity, is protect adequate?
There is no doubt that cloud computing is on the rise. Organizations everywhere are increasingly adopting cloud-based tools like Office 365, G Suite, AWS, Salesforce and Slack. According to recent Bitglass research, the percentage of organizations around the world that use at least one cloud-based tool reached 81 percent in 2018.

Unfortunately, cloud security is lagging. The aforementioned study also found that only 25 percent of organizations in 2018 used single sign-on (SSO), an elementary requirement for protecting data in the cloud.

Cloud adoption will continue to grow in 2019; however, most organizations will fail to deploy security measures appropriate for protecting data in the cloud. This means that the carelessness of organizations operating in this new landscape will lead to numerous data breaches next year.

IaaS fuels rise in cryptojacking
Over the past year, cloud cryptojacking rapidly emerged as the hacker’s tool of choice. This type of attack combines two pre-existing tactics: cryptojacking (when malicious individuals appropriate devices’ compute power to mine for cryptocurrency) and cloudjacking (when illegitimate third-parties hijack enterprise cloud resources). When used together, the two can be used to mine cryptocurrency subtly and quickly, representing a lucrative strategy for cybercriminals.

Unfortunately, we can expect to see more cloud cryptojacking in 2019 and beyond. Infrastructure-as-a-service platforms like Amazon Web Services are a prime target for cloud cryptojacking attacks. When left unsecured, these platforms offer a massive amount of processing power and an environment where attackers can stealthily mine for large volumes of cryptocurrency. With the market for this cloud-based infrastructure on the rise, 2019 is sure to bring increased cloud cryptojacking activity.

Global data privacy Regulation renaissance
Unfortunately, countless organizations have proven to be poor stewards of consumer data. In 2018, multiple data privacy regulations were either introduced or passed, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). As such, organizations are now accountable to various government guidelines around the collection, storage, management, and protection of customer information.

In 2019, more regulations with similar goals will start to take effect globally. These regulations will include rules to assure that only permitted parties can access data; guarding against unauthorized viewing and sharing of sensitive information is a top priority in cybersecurity. In this way, cybersecurity will make its way centerstage in 2019.

There’s no question that cybersecurity and, consequently, the threat landscape will continue to evolve in 2019 as more organizations use cloud-based solutions like IaaS. As such, security teams need to be able to adapt more quickly if they want to keep up with hackers, increased regulatory demands, and their enterprises’ ongoing digital transformations. Only then can they ensure that their data is safe in today’s dynamic, cloud-first world.

This story originally appeared in Information Management.
For reprint and licensing requests for this article, click here.