11 Experts Share Predictions and Advice for Cloud Security in 2020

As part of our Cloud Insight Jam, we got in touch with several experts and asked for their 2020 predictions and advice on cloud security. These experts represent the top cloud vendors, cloud solutions providers, and IT software companies, and have decades of combined experience with securing the cloud. We’ve compiled 12 quotes from 11 experts on how companies can protect their cloud deployments and where they see cloud security in 2020 and beyond.

Thanks to all of these experts for submitting their quotes and advice — and be sure to follow us on Twitter all day for insights, advice, and best practices on cloud computing during our #CloudInsightJam!

Anurag Kahol, CTO and Cofounder, Bitglass

Misconfigurations of Cloud Databases Will Continue to Plague Enterprises

“Cloud adoption is clearly outpacing the adoption of the tools and expertise needed to properly protect data in cloud environments […] consequently, misconfigurations will continue to be a leading cause of data leakage across all verticals. In addition to the above, highly niche cloud tools provided by second-tier cloud service providers are making their way into enterprises. While services that cater specifically to individual industries or company departments are gaining traction, they do not typically have the same native security measures that mainstream cloud services do. Regardless, companies are gaining confidence – even if it’s a false sense of confidence – in their ability to utilize the cloud and are adopting these second-tier and long-tail cloud apps without considering all of the security ramifications. Enterprises will need visibility and control into all of their cloud footprint, including niche services, in order to proactively mitigate any vulnerabilities and properly secure data in the cloud.”


Torsten George, Cybersecurity Evangelist, Centrify

Public Cloud Doesn’t Demand a Brand New Security Approach

“While many organizations are embracing the cloud and moving their workloads to achieve greater agility, flexibility, and cost savings, security concerns are still holding some back. These fears are understandable. But with so many organizations now pouring so much data into their cloud environments, the bad guys have made the cloud a top priority. While it’s true the public cloud resides outside the traditional network perimeter, it does not require a unique security model. It’s time to debunk this myth that the public cloud demands a brand-new security approach. The reality is that conventional security and compliance concepts that have traditionally applied to on-premises environments are still perfectly valid in the cloud. Roles and responsibilities remain the same whether the data resides on-premises or in the cloud, therefore organizations should extend their existing directory to the cloud and implement a common security infrastructure that covers both on-premises and cloud resources.”


Tim Steinkopf, CEO, Centrify

Organizations Must Take a Least Privilege Approach to Hybrid Cloud

“The modern threatscape continues to evolve and expand as organizations are faced with digital transformation objectives that lead to hybrid cloud architectures. Unfortunately, many organizations still don’t understand that protecting privileged access to data in the cloud is their responsibility, not the cloud service provider’s responsibility. This misplaced understanding of cloud security puts the entire organization at risk. In order to better protect themselves from cyber-attacks, organizations should take an identity-centric, least privilege approach to controlling privileged access across their hybrid cloud environments – too much access and privilege puts their workloads and data at risk.”


Chris Deramus, CTO and Cofounder, DivvyCloud

Cloud Misconfigurations Will Continue to Cause Massive Data Breaches

“As enterprises continue to adopt cloud services across multiple cloud service providers in 2020, we will see a slew of data breaches caused by misconfigurations. Due to the pressure to go big and go fast, developers often bypass security in the name of innovation. […] Companies believe they are faced with a lose-lose choice: either innovate in the cloud and accept the risk of suffering a data breach, or play it safe with existing on-premise infrastructure and lose out to more agile and modern competitors. In reality, companies can accelerate innovation without loss of control in the cloud. They can do this by leveraging automated security tools that give organizations the ability to detect misconfigurations and alert the appropriate personnel to correct the issue, or even trigger automated remediation in real-time. Automation also grants enterprises the ability to enforce policy, provide governance, impose compliance, and provide a framework for the processes everyone in the organization should follow—all on a continuous, consistent basis. Companies can innovate while maintaining security, they simply must adopt the proper cloud strategies and solutions.”


Shahar Ben Hador, VP of Product Management, Exabeam

There Will Be a Greater Need for SaaS SIEM Solutions

“As organizations adopt a cloud-first approach and adversaries look to more aggressively target data stored this way, on-premises security information and event management tools will become outdated and dangerous, particularly for short-staffed security teams. Further, with organizations around the world capitalizing on the cloud, security risks will increase along with a complex array of compliance and policy requirements for in-region hosting. Therefore, in 2020, a greater need for SaaS-based SIEM solutions will emerge. These tools will change cloud security by minimizing the operational burdens for SOC employees while significantly improving how fast they can catch suspicious, anomalous behavior within cloud applications. We are likely to see the security companies behind these tools rise to the occasion, by expediting global expansion and including data encryption, consistent third-party penetration testing, and SOC 2 Type II compliance in cloud solution portfolios.”

DevSecOps Will Merge Into Engineering

“At a high level, SaaS apps have highly tailored needs when it comes to information security and protecting customer data, and will require guidance and prioritization from product teams. Implementing these InfoSec needs will require the expertise of the security team, as well as resources of the engineering team, which are allocated by the product teams. Therefore, I predict that DevSecOps will merge into engineering and be guided by product. Currently, this is from an operational point of view due to the proximity to DevOps’ technical capabilities. However, I see it as a strong business need that requires product and customer knowledge, to keep up with the increasing complexity of SaaS apps and the sensitive data these apps can access.”


Greg Conti, Senior Security Strategist, IronNet Cybersecurity

Major Cloud Providers Will Find a Bullseye on Their Backs

“As more and more organizations move their critical systems and data to the cloud for efficiency, scalability, and cost reduction, cloud provider infrastructure will increasingly become a high payoff target. A target, that if compromised, could have devastating effects on the economy and national security. In 2020, we believe state adversaries will redouble their efforts to attack cloud systems. Whether the defenses in place will withstand the attacks remains to be seen.”


Greg Keller, Chief Strategy Officer, JumpCloud

Cloud Security Will Be Integrated with On-Premise and Other Resources

“Bridging technologies and protocols have existed for nearly 20 years to assist IT and security teams with managing access control between traditional on premise infrastructure with resources and services being managed in ‘the cloud’. Microsoft is flexing its muscle to escort their customer base to their cloud (Azure) through a proprietary set of solutions, but for the rest of the world who are less dependent upon a homogenous stack, solutions to unify and simplify cloud to on premises will be a sector to watch, especially for those looking to lift and shift completely to the cloud and reduce on premise footprints.”


Philip Deuchler, Software Security Engineer, JumpCloud

DevSecOps Will Take Off

“In the wake of the success in IT and infrastructure management spawning DevOps, DevSecOps will move from a nascent idea to more mission critical needs as companies start to leverage voluminous data being generated from a wide array of security solutions and manufacture ‘security as code’ principles in their organizations. These roles will be heavily depended upon by traditional security teams and CISOs to bridge the gap to more modern ITR and platform architectures that require more engineering-specific approaches to ensure controls and policies are in place.”


Kowsik Guruswamy, CTO, Menlo Security

Cloud Security Adoption Will Accelerate in 2020

“The coming year will usher in an even greater adoption of cloud security, with a material change in attitude and organizations fully embracing the cloud. As organizations increasingly access enterprise applications like Box, Salesforce, etc., it’s no longer practical for them to VPN back to the stack to remain secure while accessing these services in the cloud. With this move to the cloud comes countless security risks. Not only will we see more companies jump on the bandwagon and shift their applications and operations to the cloud, but we will also see the security stack move to the cloud and more resources dedicated to securing the cloud, such as cloud councils.”


Brad Cheedle, CEO, Otava

Cloud Security Will Remain the Hottest Topic for Businesses

“CIOs and IT teams need to make organizational leadership aware of their responsibilities for ensuring the integrity of the data stored inside their secure cloud infrastructure. The stakes are high and investing resources in teams and technology should be a top priority. You can have the most secure cloud infrastructure in the world, but if you let dirty data in through apps or human error, your security goes out the window. When choosing a cloud provider, insist they’ve passed compliance audits. Be sure to opt for encryption and backup and read the fine print on those service level agreements. Network monitoring is also critical.”


Trevor Bidle, VP of Information Security and Compliance, US Signal

Businesses Must Understand How a CSP Handles Their Data

“Many organizations simply don’t have strong, comprehensive IT security plans in place, but that will soon change as threats continue to evolve. To keep your data safe in a multi-cloud environment is to fully understand what data you have, where it’s located and who has permission to access it. The next step may be the most important: finding a cloud service provider (CSP) that’s right for your organization’s needs. A good CSP will provide thorough documentation of its response plan upfront before a security risk ever happens and perform regular data integrity checks to ensure no information has been compromised. Your organization should also demand complete transparency from your CSP. This means ensuring your CSP has a comprehensive Information Security Program, an Incident Response Plan, and a Business Continuity and Disaster Recovery program that is regularly tested.”



Daniel Hein

Dan is a tech writer who writes about Enterprise Cloud Strategy and Network Monitoring for Solutions Review. He graduated from Fitchburg State University with a Bachelor's in Professional Writing. You can reach him at dhein@solutionsreview.com