With the new decade approaching, Trend Micro Incorporated’s 2020 prediction report states that organisations will face a growing risk from their cloud and supply chain. As businesses continue on their digital journey and move more critical workloads onto the cloud, DevOps environments will continue to give business agility but at the same time expose organisations to risks.
In a recent media briefing, Goh Chee Hoh, Managing Director at Trend Micro Malaysia, said organisations will continue to rely on third-party software, open-source and modern working practices to drive their innovation and growth. At the same time, he said that Trend Micro threat experts predict this growth will bring new risks of attacks from the cloud layer, all the way down to the home network.
According to Law Chee Wan, Technical Director for Singapore and Malaysia at Trend Micro, the future will be complex as threat actors remain undeterred from compromising systems for their own gain. They shift and adapt in their choice of attack vectors and tactics — prompting the need for users and enterprises to stay ahead.
He added that the future will also be more exposed, as convergence ushers in old and new attacks and techniques that expose information technology (IT) and operational technology (OT) assets. He also pointed out that the future will be misconfigured, as cloud and DevOps migrations present risks as well as rewards to adopters, underscoring the need for security throughout the deployment pipeline.
In other words, attackers will increasingly go after corporate data stored in the cloud via code injection attacks such as deserialisation bugs, cross-site scripting and SQL injection. They will either target cloud providers directly or compromise third-party libraries to do this.
In fact, the increasing use of third-party code by organisations employing a DevOps culture will increase business risk in 2020 and beyond. Compromised container components and libraries used in serverless and microservices architectures will further broaden the enterprise attack surface, as traditional security practices struggle to keep up.
Managed service providers (MSPs) will be targeted in 2020 as an avenue for compromising multiple organisations via a single target. Attackers will not only be looking to steal valuable corporate and customer data, but also to install malware to sabotage smart factories and extort money via ransomware.
2020 will also see a relatively new kind of supply chain risk, as remote workers introduce threats to the corporate network via weak Wi-Fi security. Additionally, vulnerabilities in connected home devices can serve as a point of entry into the corporate network.
Amidst this ever-volatile threat landscape, Trend Micro recommends that organisations:
Improve due diligence of cloud providers and MSPs
Conduct regular vulnerability and risk assessments on third parties
Invest in security tools to scan for vulnerabilities and malware in third-party components
Consider Cloud Security Posture Management (CSPM) tools to help minimise the risk of misconfigurations
Revisit security policies regarding home and remote workers
At the same time, Law said improving overall cloud security posture can be done with automated and continuous security that allows DevOps teams to build securely, ship fast, and run anywhere. Due diligence from developers and careful consideration of service providers are crucial to cloud security, as well as adhering to best practices and industry standards. Trend Micro solutions for cloud security can improve efficiency while protecting cloud assets.
This is where Cloud One, Trend Micro’s latest cloud security platform, comes in. Cloud One delivers the industry’s broadest range of security capabilities in a single platform. Designed to help organisations meet their most strategic cloud priorities, it allows customers to migrate existing applications to the cloud, deliver new cloud-native applications and achieve cloud operational excellence. The first-of-its-kind platform has the flexibility to solve immediate customer challenges and the innovation to evolve rapidly with cloud services.
At its heart, Cloud One includes the world’s leading workload security service that is already in use by thousands of organisations. It is complemented by enhanced container security and brand-new offerings for application security, network security, file storage security and cloud security posture management to ensure cloud infrastructure is optimally configured.
By considering cloud projects and objectives holistically, Goh mentioned that Trend Micro Cloud One is able to provide enterprise-grade security, while leveraging the benefits and efficiencies of the cloud. The Cloud One platform will be available in Q1 2020 with three services fully integrated: workload security, network security and application security. The other components will be available as stand-alone solutions in Q1 2020 and integrated into Cloud One by the end of 2020.
When asked which industries would benefit most from these services, Goh said all industries using cloud services for more than storage will have a use for Cloud One. Interestingly, Goh said that when Trend Micro approaches new or current customers, it always offers them an assessment of their systems to give them visibility when it comes to making decisions. Once customers understand and have better visibility, they will understand the need for a more secure and robust system.