During the first few months of the COVID-19 pandemic, many organizations expected a slowdown in their digital strategy. Instead, we saw the opposite: most customers accelerated their use of cloud-based services. Sunil Potti, VP and GM of Google Cloud Security, looks back at the security trends that came to the forefront in 2020, and where we’re headed in 2021.
The challenges brought on by COVID-19 forced many enterprises to adopt new ways of working. Employee connectivity and collaboration tools quickly became top priorities in the early days of the pandemic. As many businesses shifted to remote and partially remote workforces, their attack surface area increased. Workers were on untrusted home networks and using corporate devices to surf the web, check personal email, access social media, and more.
Remote work is here to stay, and modernizing security by fully embracing zero trust models is an imperative, not an option—so these trends are not just pandemic-spurred anomalies but rather 2020 disruptions that will affect enterprise security going forward.
Overall, 2020 taught us that this new normal is an opportunity to build a safer normal. But where do we go from here? In this article, we’ll look at my top three predictions for the security industry in 2021.
1. Security will become more “invisible”
The adoption of cloud services has created a generational opportunity to meaningfully improve information security and reduce risk. As organizations move applications and data to the cloud, they can take advantage of native security capabilities that, when done well, can simplify security such that it becomes almost invisible to users. This reduces operational complexity—favorably altering the balance of shared responsibility for customers—and decreases the need for highly specialized security talent. At Google Cloud, we call the result invisible security, and it requires a foundation of innovative, powerful, best-in-class native security controls.
Invisible security will allow enterprises to focus more on their core business, rather than on securing undifferentiated IT stacks.
Today, customers configure security at the resource level, on a resource-by-resource basis, whether those resources are on-premises, in the cloud, or distributed across these two infrastructures. They are required to understand the guarantees of both their infrastructure and the security technology they bolt onto their cloud security posture. Put simply, many security products seem to be built to solve problems with other products, not to address a holistic solution to the customer problem.
In 2021, we’ll start to see cloud security become more and more invisible for customers. Invisible security will allow enterprises to focus more on their core business, rather than on securing undifferentiated IT stacks. Security technology will be an engineered-in component of the cloud platform, with fewer and simpler configuration options, rather than a high-risk, complex, bespoke journey for each customer.
Related: See why Forrester’s Q4 2020 report named Google Cloud as one of just two leaders and rated Google Cloud highest among providers evaluated in terms of current offering.
2. Traditional security operations as a silo will start to disappear
Right now, most security operations are manual and talent constrained. As I noted above, customer security teams are forced to patch together disparate IT stacks, tools, and data sources.
While it may take time, this process will start to be inverted with systems that can present the right amounts of security data, at the right time, to the right users—increasing the efficiency and efficacy of security operations. Overall, systems will become more self-managing and self-governing. This means that as more security technology is infused in infrastructure and common security issues are automated away, threats will still be mitigated without customers needing to take action. This way, security operations teams can focus on the most sophisticated attacks and unique threats that are specific to their business.
As cloud platforms absorb more of the complexity of security, and the number of moving parts dramatically reduces, a new path will be paved for different parts of the engineering organization to become empowered to manage the security of their applications. In the long-term, this will enable not only scale but also better, security-first design principles.
3. To trust cloud computing more, enterprises will need the ability to trust it less
In the cloud, the concept of trust is much bigger than security, and even bigger than a triad of security, privacy, and compliance. Many organizations concede that cloud providers can invest more in security, build strong defenses, and offer powerful tools to make aspects of compliance easier, but still are reticent to move certain applications or data to the cloud.
This decision ultimately comes down to the ability to trust that a provider will store, process, and manage their data in accordance with their preferences, and that they will be able to ultimately maintain control of data on infrastructure they don’t own or manage. This will hold true as we head into 2021 with the need to address geopolitical matters focused on data residency and data sovereignty—particularly in places like Europe—but also for any business embarking on a digital transformation journey.
Related: To trust cloud computing more, you need the ability to trust it less.
Offering capabilities that allow organizations to use and benefit from cloud computing, while decreasing the amount of trust they need to place into the provider, is of huge importance today and will significantly increase in importance going forward. Technologies like confidential computing, which keeps data encrypted and unreadable to the provider even while it’s being processed, will play a key role in helping more businesses become more comfortable with the cloud. The same can be said for encryption options that keep customers’ encryption keys outside the provider’s infrastructure, which allows them to deny access to unencrypted data for any reason.
These technologies help address enterprises’ underlying concerns about losing control to their providers—and they increase trust in the cloud, because they reduce the need to trust providers.
Keep reading: There is an understanding that data security is critical, but a lack of well-understood principles to drive an effective data security program. Get the latest whitepaper on “Designing and deploying a data security strategy with Google Cloud” to learn how to deploy a modern and effective data security program.