Cloud Security

Google and Microsoft ramp up cloud security as cyberattacks rise

Google and Microsoft ramp up cloud security as cyberattacks rise
Written by ga_dahmani
Google and Microsoft ramp up cloud security as cyberattacks rise

A sign at, Inc.’s BHM1 fulfillment center is seen on March 29, 2021 in Bessemer, Alabama.

Patrick T. Fallon | AFP | fake images

When cybersecurity firm Mandiant announced in early March that it had entered into a definitive agreement to be acquired by Google in a transaction valued at around $5.4 billion, it marked the latest sign that security expertise and capabilities had become critical to effective cloud service operations.

The three largest public cloud providers (Amazon Web Services (AWS), Microsoft Azure, and Google Cloud) have made acquisitions in the cybersecurity space over the past year, and others are likely to follow as these companies look to bolster your data. protection efforts.

Mandiant, which will become part of Google Cloud upon closing of the acquisition, provides threat intelligence services and its more than 600 consultants respond to thousands of security breaches each year. Leverage research from over 300 intelligence analysts to help organizations defend against threats.

Google Cloud has been building cloud-native security into the foundation of its technology as it tries to block threats like malware, phishing attempts, and other cybersecurity attacks. The company says the Mandiant acquisition underscores its commitment to advancing its security offerings to better protect and serve customers in both on-premises and cloud environments.

Microsoft made two key acquisitions of its own in 2021 to bolster the security of its Azure cloud service. First, it acquired CloudKnox Security, a provider of cloud infrastructure rights management (CIEM) technology, as part of an effort to offer unified privileged access and cloud rights management to customers in their cloud environments. hybrid and multicloud.

Another key security acquisition for Microsoft was RiskIQ, a provider of threat intelligence and attack surface management. The company’s offerings are designed to help organizations assess the security of their entire attack surface, including cloud services from Microsoft, AWS, and other clouds, as well as on-premises and supply chain systems. They can identify and remediate vulnerable IT components before attackers can capitalize on them.

AWS, for its part, acquired Wickr, a company that offers an encrypted messaging platform used by businesses and government agencies. The agreement, the terms of which were not disclosed, provides AWS with advanced security features for messaging, voice and video calls, file sharing and collaboration.

Leveraging the cloud

All of these transactions make sense, given the continued growth of the cloud and the rise of cyber threats. Research firm Gartner has said that the pandemic and the rise of digital services are making cloud services the “centerpiece of new digital experiences.”

Worldwide public cloud spending increased 23% in 2021, driven by the rise of digital services to replace person-to-person services and the migration of existing IT assets to the cloud to enable better availability says Peter Firstbrook, research vice president at Gartner.

Examples of how companies are leveraging the cloud include increasing robotic processing automation (RPA) for service and support, adding new cloud storefronts, migrating existing services to the cloud to support the new remote workers and the use of collaboration tools and desktop as a service.

“Most of these migrations were already happening, but the pandemic accelerated cloud migration in many organizations,” says Firstbrook.

The firm predicts that global cloud revenue will total $474 billion this year, up from $408 billion in 2021. Gartner analysts estimate that cloud revenue will exceed non-cloud revenue for IT markets. relevant business in the coming years. By 2025, the company predicts that more than 95% of new digital workloads will be deployed on cloud-native platforms, up from just 30% in 2021.

In a newly released report identifying the top security and risk management trends for 2022, the firm notes that organizations around the world are facing sophisticated ransomware, attacks on digital supply chains, and deep-seated vulnerabilities.

The Russian invasion of Ukraine has not illustrated a significant new cybersecurity attacker craft, says Firstbrook. “DoS attacks and cleanup malware were observed, but these were easily contained and neither caused the collateral damage that NotPetya did,” he says. “There may be more that we don’t know yet.”

The US government issued a warning that Russia could increase attacks on US businesses, Firstbrook says, “yet so far I have seen no evidence of significant new attacks or commercial attacks. IT organizations that follow the guidance of best practices are well positioned to mitigate attacks regardless of the source.”

In the longer term, a prolonged Russian recession could drive more people into cybercrime, “which could lead to an increase in international ransomware attacks,” says Firsbrook. “At the same time, we anticipate that Russia will stop cooperating with the international community to arrest Russian citizens accused of international cybercrimes.”

Meanwhile, the rise of hybrid working due to the pandemic has accelerated the move to the cloud, challenging cybersecurity executives to secure an increasingly distributed enterprise while dealing with a shortage of skilled security personnel.

Enterprise attack surfaces are expanding, the report says, and the risks associated with the use of cloud applications, complex digital supply chains and other aspects of technology have pushed organizations’ exposed surfaces outside of a set of controllable assets. As a result, they must look beyond traditional security monitoring, detection, and response approaches to manage a broader set of security exposures.

In a clear indication that cyber security threats are not going away anytime soon, the Cloud Security Alliance (CSA) earlier this month launched a countdown to April 14, 2030, the date the CSA estimates that a quantum computer will be able to break the present. day cybersecurity infrastructure.

The alliance, an organization that defines standards, certifications and best practices for cloud computing security, says its website will feature a Year to Quantum (Y2Q) countdown clock to remind people of the need to find and implement new security solutions. security.

About the author


Leave a Comment