Organizations look to AI and automation to regain control of their cloud security posture. Credit: MF3d As organizations expand and increasingly invest in more cloud applications and services, their cloud footprint grows and often becomes more complex. That’s why it is critically important to regularly reevaluate the security of those cloud assets to ensure that everything is secure, and the required processes and procedures are being upheld. The growth in cloud services continues unabated. In fact, according to Synergy Research, spending on cloud infrastructure increased 19% in 2023. The increase in Q4 2023 from the previous quarter was “by far the largest quarter-on-quarter increase ever achieved,” according to the research firm. Gartner, Inc., projects a 14% increase in global spending on security and risk management in 2024, attributing the increase to the impacts of cloud, hybrid workforce, generative AI, and the regulatory environment. The good news is that Gartner says organizations are adopting technical security capabilities for greater visibility and responsiveness across their digital ecosystems. Still, cloud security spending is expected to grow by 24.7% from 2023, as organizations dole out $7 billion this year for cloud access security broker (CASB) software and cloud workload protection platforms. That’s on top of $90 billion being spent on security services, including consulting, IT outsourcing, implementation, and hardware support. Regaining control with AI and automation With developers turning to generative AI for faster code development, security teams face new challenges in staying up to date on how the organization’s security posture is being impacted. The problem has overwhelmed human teams, which are eagerly looking to AI and automation to regain control. The numbers of cybersecurity common vulnerabilities and exposures (CVEs) continue to mount year over year, with almost 29,000 reported in 2023 alone. “No human in the modern enterprise can go through code line-by-line to identify the root causes of all those vulnerabilities,” says Amol Mathur, senior vice president of products for Palo Alto Networks’ Prisma Cloud cloud-native application protection platform (CNAPP). Palo Alto Networks Unit 42 Cloud Threat Report reports that sensitive data such as personally identifiable information, financial records, and intellectual property are found in 66% of storage buckets and 63% of exposed storage buckets. Meanwhile, according to Unit 42, cloud users are repeating the same mistakes over and over, with 5% of their security rules triggering 80% of alerts. Mathur suggests that cloud security decision-makers ask the following of their vendors and service providers: Why is a platform approach needed to ensure proper cloud security? Does your cloud security platform provide code to cloud protection? Is the platform applying the concepts of artificial intelligence and machine learning to “do the heavy lifting” on those tasks that require a lot of expertise, which many organizations lack? Does the platform prioritize vulnerabilities to focus on what threats are most critical? Does the platform provide security and developer teams with the necessary context into vulnerabilities so they can fix the problems in near real-time? “Just finding an issue and throwing it at the end user is not going to help them,” says Mathur. “Organizations typically use separate tools for detection in source code, where risks manifest, and in runtime, where they are exploited, and there’s no intelligence connecting either of the tools. “Understanding the issue and how it needs to be remediated, and whether that can be done at scale is very important,” Mathur continued. “Taking that context, then applying AI and machine learning to prioritize what issues need to be addressed is essential to keep up with the threats. To keep pace with today’s cloud threats, organizations need an AI led cloud security platform that connects the left to the right or in other words – from code to cloud.” To learn more, visit here. Related content brandpost Sponsored by Palo Alto Networks A Zero Trust approach for remote access in utilities is essential Infrastructure, specifically the utilities sector, must adopt a Zero Trust approach as ongoing cyberattacks by remote actors become more and more prevalent—threatening to disrupt everyday life. By Anand Oswal, senior vice president of product, network security, Palo Alto Networks 28 Mar 2024 5 mins Security brandpost Sponsored by Palo Alto Networks Why you need a platform approach to security Today's enterprises mix networks, applications, data, and locations. Here’s how a platform security solution can help fill the security gaps. By Pete Bartolik 11 Mar 2024 4 mins Security brandpost Sponsored by Palo Alto Networks Watching the bottom line—How a Zero Trust position can save time and money Today’s security solutions can enable better, faster ROI. Read on to learn more. By Navneet Singh, Vice President of Marketing, Network Security, Palo Alto Networks 06 Mar 2024 6 mins Security brandpost Sponsored by Palo Alto Networks How will AI change the security operations center? The challenges facing security operations center teams are real. The answer lies in artificial intelligence, which will supercharge SOC modernization efforts. By Pete Bartolik 27 Feb 2024 4 mins Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe