Last month Aqua published a blog with the predictions from our Nautilus security research team regarding trends and new threats we are watching for 2023. In case you missed it over the holidays, we’ve included a link at the end of this post – it’s definitely worth the read.
This month we turned to our business leaders across the company, and I asked for their thoughts on what areas they see developing on the management side of security this year. And they did not disappoint! Covering a broad spectrum of market changes they believe will impact every CISO and Information Security executive, here’s what we think you can expect in the world of Cloud Native Security in 2023.
The Skills Gap Only Gets Worse
With most organizations now leveraging cloud native architectures for the bulk of their digital transformation initiatives, I see the gap between the number of production applications running on these platforms and the knowledgeable staff available to support them widening. And while more and more operations and security resources are being trained (or cross-trained) in Kubernetes, CI/CD pipeline automation, and Infrastructure as Code (IaC), it simply isn’t keeping up.
From my perspective as the CMO of Aqua Security, I expect that time-to-hire and overall compensation to fill these positions will each increase by more than 15% in 2023 as enterprises compete to bring production-ready resources on board quickly.
Partners Offering Professional Services Will Emerge as Winners
Jeannette Lee Heung, Aqua’s Senior Director of Worldwide Channels, says that one way organizations will address the skills gap is by relying more on partner-delivered services. Procurement models are shifting, with many customers buying technology solutions directly through cloud providers. This is also an opportunity for resellers and distribution partners to get creative in the ways they bring value to customers.
Timing will align with a growing appetite from customers for managed solutions, and those partners who have built strategic relationships with vendors to provide advisory and professional services will win market share. She believes this will shake up the traditional channel model for security products, and expects to see greater consolidation as a result, with fewer partners committing to and doubling down on the vendors they believe in. That said, following in the footsteps of firms like Fishtech and The Herjavec Group, we would not be surprised to see two additional M&A events in this space in 2023, she concludes.
Consolidation of Tools for Multi-cloud and Cross-business Use Cases
Another way to address the skills gap is by maximizing the productivity of your existing resources, says Sharon Eilon, our Chief Customer Officer. As organizations move from separate pockets of cloud native development within their various business units to an environment where the architecture team is defining cross-company tooling, the point solutions spread across different cloud stacks and dev teams will be rationalized.
With economic constraints increasing over the next 12-18 months, there will be even more pressure for CISOs to quantify the value of their toolsets and increase ROI on their security spend, Eilon says. Moving forward we can expect to see a shift in demand towards solutions that offer a broad set of cloud native security capabilities – particularly those that can be embedded into developer workflows – and a greater focus on measuring and reporting on the value they provide. With companies typically managing more than 75 tools, Eilon believes that on average organizations will reduce the number of separate products in use for cloud native application protection by more than 20% this year, putting pressure on smaller point product providers.
Extending DevOps with GitOps
Anais Urlichs, Aqua’s Open Source Developer Advocate, sees the latest trend in cloud native deployments as taking DevOps principles and applying them to infrastructure, with GitOps as the primary approach. If you aren’t already seeing it gain traction with your teams, you most certainly will this year. GitOps use cases will span beyond continuous delivery (e.g., ArgoCD) to infrastructure, with the main tool being Crossplane. GitOps makes changes to any resource more observable through version control and thus more secure.
In 2023, Urlichs predicts we should expect to see more cloud native projects implementing GitOps tools such as Crossplane and ArgoCD, going from proof-of-concept use cases to large-scale adoption across end user companies.
She adds that with GitOps becoming more mainstream, more resources are going to be defined as code in a structured way, allowing for higher scan coverage with security scanners such as Trivy.
SBOM Moves Front and Center
Shifting further left in the supply chain, this year the attention of nearly every CISO will be on the Software Bill of Materials, or SBOM, according to Eilon Elhadad, Aqua’s Sr. Director of Software Supply Chain Security. New tools, languages, and frameworks that support rapid development at scale are being targeted by malicious actors who understand the catastrophic impact that results from attacks on the software supply chain. As threats to the software supply chain escalate, and with government regulations in the form of executive orders (EO 14028) mandating that proper action be taken, he believes CISOs will be compelled to develop and deploy better strategies to secure this area of significant weakness.
In 2023, he predicts we will see fewer sophisticated attacks like SolarWinds and more attacks like those targeting Log4j, Spring4Shell, and OpenSSL, which are widely used across code and production. These attacks will have a much larger potential blast radius, allowing hackers to impact (and potentially penetrate) many more organizations.
Elhadad expects that, to demonstrate the level of commitment to the executive order, several companies found to be out of compliance with it will very likely face fines or lost business with the government. While simply generating SBOMs is already becoming easily accessible today, the processes and tools around handling, signing, and managing SBOMs, as well as applications of SBOMs in different use cases, will become more sophisticated and prevalent, he concludes.
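One concrete SBOM use case behind the "blast radius" point above is answering "which of our applications ship an affected version of this component?" from inventory alone. The script below is an added illustration, not Aqua's code or any product's API: it matches a constructed advisory (placeholder id, version range chosen for the example) against constructed CycloneDX JSON SBOMs by package URL, and reports every application that carries an affected version.

```python
"""Blast-radius lookup over CycloneDX SBOMs (added example, constructed data)."""
import json

# Constructed sample: three minimal CycloneDX 1.4 JSON SBOMs, one per application.
SBOMS = {
    "billing-api": json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.4", "components": [
        {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core",
         "version": "2.14.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
        {"type": "library", "group": "com.fasterxml.jackson.core", "name": "jackson-databind",
         "version": "2.13.0", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.0"},
    ]}),
    "frontend": json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.4", "components": [
        {"type": "library", "name": "react", "version": "18.2.0", "purl": "pkg:npm/react@18.2.0"},
    ]}),
    "reporting": json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.4", "components": [
        {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core",
         "version": "2.17.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.1"},
    ]}),
}

# Constructed advisory: hypothetical identifier and an affected range [min, max_excl)
# chosen for the example, expressed against the component's package URL prefix.
ADVISORY = {
    "id": "EXAMPLE-ADV-0001",
    "purl_prefix": "pkg:maven/org.apache.logging.log4j/log4j-core@",
    "affected_min": "2.0",
    "affected_max_excl": "2.15",
}


def parse_version(version: str) -> tuple:
    """Turn '2.14.1' or '2.0-beta9' into a comparable tuple; qualifiers are dropped."""
    core = version.split("-")[0]
    return tuple(int(part) for part in core.split("."))


def affected_components(sbom_json: str, advisory: dict) -> list:
    """Return the versions of the advisory's component found in one SBOM that fall in range."""
    bom = json.loads(sbom_json)
    lo, hi = parse_version(advisory["affected_min"]), parse_version(advisory["affected_max_excl"])
    hits = []
    for component in bom.get("components", []):
        purl = component.get("purl", "")
        if not purl.startswith(advisory["purl_prefix"]):
            continue  # different package entirely
        version = purl[len(advisory["purl_prefix"]):]
        if lo <= parse_version(version) < hi:
            hits.append(version)
    return hits


def blast_radius(sboms: dict, advisory: dict) -> dict:
    """Map application name -> affected versions, only for applications that are hit."""
    return {app: hits for app, doc in sboms.items() if (hits := affected_components(doc, advisory))}
```

Running `blast_radius(SBOMS, ADVISORY)` flags only `billing-api`; `reporting` ships a version above the range and `frontend` does not carry the component at all.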
Looking Forward to an Exciting Year …
With so much change in the world of cloud native security, the old saying “May you live in interesting times” comes to mind. This market demands that we stay ahead of the attackers, the technologies being adopted, and the cultural and organizational changes that accompany them. Here at Aqua we welcome that change and are grateful for those of you who have trusted us with your security needs as we take this journey together.
For those who may have missed the earlier blog with predictions of new threat vectors, please read Cloud Security Trends for 2023 Part One.