As cyberattacks rise, Google and Microsoft are working to enhance the security of their cloud platforms.

• Over the past year, AWS, Microsoft Azure, and Google Cloud have all made acquisitions in the cybersecurity industry.
• According to Gartner, by 2025, over 95% of new digital workloads will be deployed on cloud-native platforms, compared to only 30% in 2021.
• The Cloud Security Alliance (CSA) recently announced a countdown to April 14, 2030, the estimated date when a quantum computer will be able to breach current cybersecurity systems.

The acquisition of a cybersecurity company by a cloud service provider for $5.4 billion in early March highlights the importance of security expertise and capabilities for effective cloud service operations.

The three largest public cloud providers, AWS, Azure, and Google Cloud, have recently made acquisitions in the cybersecurity industry, and it is likely that other companies will follow suit as they strive to enhance their data protection measures.

Mandiant, set to become part of Google Cloud, offers threat intelligence services and its over 600 consultants handle thousands of security breaches annually. Utilizing the research of more than 300 intelligence analysts, it helps organizations safeguard against threats.

Google Cloud has been integrating cloud-native security into its technology to safeguard against threats such as malware, phishing attempts, and cybersecurity attacks. The company's acquisition of Mandiant highlights its dedication to enhancing its security offerings and providing better protection and guidance to customers in both on-premises and cloud environments.

In 2021, Microsoft made two acquisitions to enhance the security of its Azure cloud service. Firstly, it bought CloudKnox Security, a CIEM technology provider, to offer unified privileged access and cloud entitlement management to customers across their multi-cloud and hybrid cloud environments.

Microsoft acquired RiskIQ, a company that offers threat intelligence and attack surface management services. Their offerings help organizations assess the security of their entire attack surface, including cloud services from Microsoft, AWS, and other clouds, as well as on-premises and supply chain systems. They can identify and remediate vulnerable IT components before attackers can exploit them.

AWS has acquired Wickr, a company that provides an encrypted messaging platform used by businesses and government agencies. The deal, details of which were not disclosed, provides AWS with advanced security features for messaging, voice and video calling, file sharing, and collaboration.

Leveraging the cloud

The ongoing growth of the cloud and the increase in cyber threats have led to the rise of cloud services as the "centerpiece of new digital experiences," according to research firm Gartner.

In 2021, global public cloud spending increased by 23%, mainly due to the shift towards digital services to replace in-person interactions and the migration of existing IT infrastructure to the cloud for improved accessibility, according to Peter Firstbrook, research vice president at Gartner.

Companies are utilizing the cloud in various ways, such as enhancing robotic processing automation (RPA) for customer service and support, establishing new cloud-based storefronts, transferring existing services to the cloud to accommodate remote workers, and employing collaboration tools and desktop-as-a-service.

According to Firstbrook, the pandemic accelerated the migration to cloud in many organizations, although most of these migrations were already underway.

Gartner analysts predict that cloud revenue will surpass non-cloud revenue for relevant enterprise IT markets in the near future. By 2025, the firm estimates that more than 95% of new digital workloads will be deployed on cloud-native platforms, up from just 30% in 2021.

The report highlights that organizations worldwide are facing advanced ransomware attacks, threats to digital supply chains, and deeply ingrained vulnerabilities.

Firstbrook states that the Russian invasion of Ukraine did not reveal any new cybersecurity attacker tactics. He explains that denial-of-service attacks and wiper malware were observed, but these were quickly contained and did not cause any collateral damage like NotPetya did. He adds that there may be more that is yet to be discovered.

Russia may increase attacks on U.S. companies, but Firstbrook states that there is no evidence of significant new attacks or attack techniques. IT organizations that follow best practices are well-equipped to mitigate attacks from any source.

A prolonged Russian recession could lead to an increase in international ransomware attacks, says Firsbrook. Additionally, it is expected that Russia will stop cooperating with the international community to arrest Russian nationals accused of international cybercrime.

The pandemic has accelerated the shift to remote work, putting cybersecurity executives under pressure to safeguard a more dispersed organization while simultaneously facing a shortage of skilled security personnel.

The report states that enterprise attack surfaces are increasing and that the use of cloud applications, digital supply chains, and other technological aspects have caused organizations' exposed surfaces to go beyond their controllable assets. As a result, they must adopt new security monitoring, detection, and response strategies to manage a broader range of security risks.

The Cloud Security Alliance (CSA) recently announced a countdown to April 14, 2030, the estimated date when a quantum computer will be able to break current cybersecurity systems.

The organization that establishes standards, certifications, and best practices for cloud computing security will have a Y2Q countdown clock on its website to emphasize the importance of finding and implementing new security solutions.