The State of Cloud Security: 10 Predictions for a New Decade

With the VP of research firm Gartner announcing “Cloud adoption is mainstream,” there is no doubt it’s on the radar of every business decision-maker. Companies that haven’t adopted the cloud for applications, infrastructure, and other needs risk missing out on one of the most important productivity drivers in the history of technology.

Yet, even as business leaders embrace the cloud, many fail to adequately consider the risks of cloud computing, itself. Cloud security is literally mission-critical in today’s world. Hackers are ultra-sophisticated, and employees still are not. As a result, leadership must take an active role in ensuring they have robust cloud security.

Not convinced? Following are my 10 predictions, supported by reports and other data, that should persuade you.

1. Organizational leaders are currently focused on the broader scope of cloud computing rather than on cloud security, and that trend will continue into the new decade. Per research firm Gartner, revenues for cloud security services were $12 billion in 2019 and will be fewer than $20 billion by 2022. That’s barely five percent of total cloud spending.
2. Cloud security is not getting enough attention, but the reality is starting to hit home. Per the (ISC)², the world’s leading cybersecurity professional organization, only 38 percent of organizational leaders were “extremely worried” about cloud security in 2019, but 75 percent were at least “very concerned.”
3. Software as a service (cloud-based applications; aka SaaS) will remain the biggest market for cloud services for the foreseeable future. By 2022, Gartner predicts, SaaS revenues will top $151 billion – more than double the next biggest segment, infrastructure.
4. SaaS providers will continue to handle the security of their applications with mixed results. The Cloud Security Alliance (CSA) reports that overcoming fierce competition is a higher priority for many SaaS providers than security.
5. The solutions of smaller, less sophisticated SaaS providers are vulnerable to attack and will remain so for the foreseeable future. Per the CSA, 77% of SaaS-adopting organizations have experienced SaaS-specific security incidents.
6. Cloud cyberattacks will continue to escalate in both number and scope. Today’s hackers have a nearly limitless number of attack vectors for infiltrating the cloud environment. Capital One’s $100 million mega-breach was due to an improperly configured web-application firewall.
7. The current shortage of cybersecurity professionals will deepen. According to a workforce report from the (ISC)², the current U.S. cybersecurity workforce gap (discrepancy between qualified workers and openings) is close to 500,000 positions. The organization estimates the cybersecurity workforce needs to grow by more than 60% over the next decade to cover today’s needs, let alone allow for growth of the cloud.
8. Competition for workers trained in cloud and cybersecurity will be fierce for the foreseeable future. Per a report by ZD Net, two of the top 10 IT skillsets needed for the coming decade are security and cloud professionals.
9. The shortage of cybersecurity workers will increasingly lead organizations to outsource their cybersecurity. In 2019, outsourced cloud management and security services were a $12 billion market. By 2022, revenues will grow by nearly 50 percent to 17.6 billion.

This will be the year many organizations act. Per a survey conducted by Crain’s New York Business, cybersecurity and risk management top the list of CFO concerns in 2020. In my experience, when the C-suite makes something a priority, things get done. Let’s hope it’s true this year.