Accelerated cloud migration made sense at the height of the pandemic; however, companies could face different issues in the future.
Organizations that hastened their adoption of cloud-native applications, SaaS, and other cloud-based tools to deal with the pandemic may have to consider other security issues as future "new normal" operations take shape. Although many businesses continue to benefit from remote operations, hybrid workplaces could be on the horizon for others. Experts from cybersecurity firm Snyk and SaaS management platform BetterCloud see new security scenarios for cloud services emerging in a post-pandemic environment.
According to Guy Podjarny, CEO and co-founder of Snyk, the rapid shift to remote operations and work-from-home situations has naturally raised new questions regarding endpoint and network security. His company recently published a study on the State of Cloud-Native Application Security, which examines how cloud-native adoption affects threat defenses. As more activities were moved to the cloud and remote, security had to distinguish between approved staff that required access from outside the office and real threats from bad actors.
Decentralization was already underway in many industries before COVID-19, but the response to the pandemic may have accelerated the trend. "Organizations are getting more agile, and the idea that you should know all that is going on hasn't been valid for a long time," says Podjarny. "The pandemic has forced us to look in the mirror and realize that we don't have a clear view of all that is going on."
According to him, this resulted in the distribution of security controls to allow for more autonomous use by independent teams governed asynchronously. "This means spending more in security training and education," says Podjarny.
He claims that a need for a security-based version of digital transformation arose due to more automated tools that operate at scale and provide insight into distributed activities. Podjarny believes that much of the protection needs that occurred due to the pandemic will remain until companies reopen to a greater extent. "The return to the workplace would be partial," he says, predicting that certain team members will be absent. This may be for personal or work-life reasons or because companies choose to use less office space, according to Podjarny.
However, this could cause some problems with the governance of decentralized operations and related security controls. "People do not believe they have the tools to grasp what is going on," he says. According to Podjarny, the net improvements that organizations have made in response to the pandemic and what could come after have been overwhelmingly optimistic. "It pushes us toward more scalable security models and adapts the SaaS, remote working reality."
The rush to cloud-based applications like SaaS and platform-as-a-service at the start of the pandemic resulted in some understanding of the need to have ways to keep operations running under quarantine guidelines. "Employees were just trying to get the job done," says Jim Brennan, BetterCloud's chief product officer. Developing such technologies, he claims, enabled staff to meet those objectives. Such "shadow IT" activities may have been viewed as a threat to the company in the past. "We learned from a lot of CIOs that it changed their thinking," Brennan says, which prompted attempts to make those services more readily available to employees.
Meeting those needs at scale, on the other hand, presented a new challenge. "How do I successfully implement a new application for 100 employees?" A thousand workers? How should I go about doing that with 50 new applications? How about a hundred new applications?" According to Brennan, many CIOs and chief security officers have requested greater insight into the cloud technologies that have been deployed within their organizations and how they are being used. BetterCloud recently published a brief on the State of SaaS, which examines SaaS file protection exposure. In effect, the CIO regarded all IT, authorized or not, as a means to get work done.
According to Brennan, the new landscape's demand for high accessibility and versatility in technology would present unique challenges for chief security officers, who will be called upon to facilitate that.
"They will always be kept responsible for protecting the company," he says. "I believe there will be an emphasis on various types of security controls."
"This may involve a shift toward understanding and remediation of how and what technology workers deploy, rather than preventing or halting security approaches," Brennan says. "We will see further patterns moving in that direction because it is the only way to meet the increased demand for usability."