In today’s multi-cloud environment, you can’t secure what you can’t see 

For organizations to win the ever-growing fight against increasingly sophisticated cyberattacks, business leaders need innovative multi-cloud solutions that allow customers to connect and protect any workload in any location delivered via SaaS apps. On-premise security protocols of the past had to evolve to meet the IT needs of 10 years ago, and now cloud security needs to catch up with today’s hybrid workforce reality. 

The adoption of tools like Salesforce, Slack, Google Workspace, and Zoom only accelerated during the pandemic, with organizations of more than 1,000 employees using more than 150 SaaS applications on average. The need to secure the most critical cloud applications from cyberattacks is more prevalent than ever — and it won’t be going away anytime soon. With this in mind, business leaders are under pressure to ensure security protocols, budgets, and preparations are in place.

Security and IT teams need more visibility

On recent report showed that 94% of enterprises depend on cloud services and SaaS apps to operate in today’s hybrid workforce and store sensitive data. When a single application is breached, an organization’s entire application set — and the sensitive data behind them — becomes available to cybercriminals. We saw this with the recent GitHub breach, and it won’t be the last time that bad actors breach an organization’s critical infrastructure via one app. There is a shared responsibility that needs to be recognized between the SaaS application vendors and the security teams within organizations deploying the apps to ensure visibility into all of the network activity. 

To stop these growing threats, security and IT teams need more visibility into the current work environment that others can’t see. If they are unable to see what tools are being used, or who has access to them, they won’t be able to secure the network. We’ve seen massive cloud adoption over the past five years, and now we have to bring visibility along with it. It’s important not to forget the basics of security. As a decision maker, you’ve made the right call to move to the cloud — now you need to ensure the environment is secure. 

Organizations need to prepare for an increase in lateral movement 

According to our recent survey, lateral movement was seen in 25% of all attacks, with cybercriminals leveraging everything from file storage apps (46%) to business communications platforms (41%) to rummage around inside networks. A full-fidelity threat intelligence solution is needed to protect businesses against threats targeting the apps and tools their businesses depend on to operate. 

Not all apps are created equal from a security perspective. As a business decision-maker, you need to take a 360-view of the risks your company is facing, get better visibility, and shift budgets to cover the most critical IT, cloud and and security needs. Advanced techniques are being used to make attacks more destructive and targeted. Cybercriminals are achieving this through emerging techniques, and catalyzed by the shift to remote work, 32% of respondents also experienced adversaries leveraging business communication platforms to move around a given environment and launch sophisticated attacks. This means that cyber attackers are accessing sensitive data in the cloud — from financial info like payroll and HR data to your customers’ and vendors’ info — which puts the entire company at risk.

Businesses must prioritize cloud security tools amid budget cuts and economic uncertainty

Security teams have spent years of their lives in the non-cloud world, and they’re aware of gaps and shortcomings. As a result, they’re now allocating one budget line item to the cloud, but that mindset doesn’t work. The more aware you are as a business decision maker, the better you will see budget needs and risks. You can’t cut incremental spend from one area of your budget and put it all toward the cloud either. The most important thing to consider when allocating or adjusting budget is the ROI you’re getting on tools. You need to take a bit of a ruthless approach: If certain tools are not showing a notable return, you need to move on. The cloud is here to stay and is you must focus on investing in and securing it.

As we look to 2023, I expect it to be the year of large-scale and high-volume cloud-based cyberattacks. It’s up to business and security leaders to ensure the right cloud security protections are in place to prevent and stop these threats. Organizations have gone through years of migration to the cloud and infrastructure updates, so the opportunity for risk is there. Cybercriminals have been sharpening their own skills, and they’re prepared to breach organizations and gain critical information. Without the necessary visibility and security protocols in place, a perfect storm is created. It’s critical to get ahead of this now. 

Scott Lundgren is CTO of VMware’s Security Business Unit and a member of the Carbon Black founding team.