Many companies are using a mix of cloud providers in order to meet all of their business needs. According to Gartner’s October 2018 report, 49% of organizations approached their IaaS cloud strategy with multi-cloud adoption in 2017, and that has risen by about 75% since. The use of multiple providers occurs for a variety of reasons, including different business needs and requirements that may be better served by various cloud vendors.
One of the things likely to happen in 2022 is that more and more security decisions will be made by AI instead of human analysts. Currently, most security solutions depend on what we can describe as signature-based detections. In the same way, we can identify an individual’s handwriting through analysis and study. We can look at security threats the same way. “I have seen this before, it’s familiar, and I know it is bad,” or an analytic-based approach to detecting patterns of activity that look suspicious. Typically, an analyst reviews the activity to determine whether the signature or pattern is something malicious or a false positive. With the growth of AI and machine learning, much of the basic decision-making will be made by software. This is no replacement for an analyst. Instead, baseline triage determinations made by software will give analysts more time to perform more advanced decision-making and analysis that is not possible yet with AI or machine learning.
There is certainly hope for what Machine Learning and AI could do for software security and cybersecurity in the coming years. One of the most important elements of cybersecurity is data correlation and analytics. Part of the cybersecurity game is finding and isolating individual threats and threat campaigns and performing threat actor attributions based on multiple disparate data sources, like finding needles in haystacks. Using data modeling and pattern recognition, AI and machine learning can provide greater speed, scale, and accuracy. The problem and concern are that efforts are acceptable using machine learning and AI when that may not actually be true. Without significant oversight and training to avoid biases and ensure ethical behavior, AI can go rogue and create new viruses and security threats, as well as identify and protect against them. Much more time and investment will be required to hone all of the data models and patterns to make AI and machine learning a highly effective technology for software security and cybersecurity.
Blockchain Security Challenges
Blockchain technology is evolving, and many technical advances have been made to keep user data private. Even so, there are still legal and compliance issues such as Art. 17 of the GDPR or “the right to be forgotten.” This article challenges the way data is stored across blockchain networks.
So, if you store data on-chain, you cannot comply with data regulations because the data becomes immovable, which is the point of a blockchain. In addition, there is a greater need to track what data is shared with whom and the point at which that data is shared. There is also a need to know if access is granted or revoked because of the increasing regulations governing personal data and privacy. This permission layer will move to the blockchain, and that, in turn, will have implications for cloud provider business models.
There is some healthy skepticism being expressed about the use of blockchain for data security because a blockchain for data storage only functions as a ledger that ensures no one has changed the data. The other issue with blockchain technology for data storage is that the distributed ledger method blockchain utilizes is inefficient for general data storage and not for large databases requiring a high transaction rate. The other thing in favor of current cloud storage centers is that they still retain several economic benefits over blockchain-based storage solutions, such as economies of scale.