In 2025, runtime security is going to be the most spoken about thing in cloud security. I fly to the moon, I shrink the moon. If you are a cloud security professional, or you're trying to become one, number one trend that you want to look out for in 2025 is going to be getting ahead of the runtime security curve that's coming in.

I've been in cloud security for a little over 15 years now. Initially we used to rely a lot more on the CSPM, your cloud security posture manager, or your CNAPP, which is your cloud native application protection platform. If you don't know what they are, I'll leave a link over here for the videos where it explains what that is. But point being, these were the things that I used to work on, or my team used to work on, as cloud security engineers and architects to know what's wrong with cloud security.

Now, over the past couple of years, a lot of AI workloads have come in, which meant that the cloud engineers and cloud architects have not been able to focus their attention on the fire hose of alerts, the red wall of alerts that is coming from all the CSPMs and CNAPPs. Most of the time the problem was: we'll get a lot of alerts from CSPMs and CNAPPs, and we'll just hit a roadblock because we have to work with another team to resolve those issues, which means there'll be a lot of alerts left in the platform catching dust while we find some time in the sprint. Now, I'm not saying it's a bad thing that we have to wait for others to work. It has to work based on the risk priority, so I totally understand that. But in the meanwhile, the work still needs to be done.

So now, with AI kind of exploding everywhere and more AI workloads coming in, cloud security engineers and architects are working on proactively trying to build a cloud blueprint so that you can build security from the beginning, which means someone else needs to look after and triage these alerts. Fortunately, the security operations team, or the SOC team, stepped in and are able to help with not just the alerts from your on-premise data center, OT environments, IoT environments and everything else that has been going on outside of the cloud, which they already look after. Now they've opened up their doors to include the cloud alerts in there.

But the challenge is, security operations teams have always primarily worked on real issues that are happening right now, and the CSPMs and CNAPPs unfortunately have always worked on an agent or an agentless-based approach, which meant that your data could either be real time or could be a few hours behind, which is not really the way you want to do this. Now, this changed when eBPF came in handy. As security engineers we already had a lot of agents in a lot of the workloads across our cloud footprint, and we were able to use eBPF as a capability. When I say we, I mean the vendors who are in the cybersecurity space: they were able to use the eBPF capability to get the real-time information, so the security operations team can actually have runtime information of what is a current threat in their cloud environment. Now, there's a lot more context around it. I'm not going to spend the entire time on this. I'll leave a few links over here for you to check out.

Now, closely related to that is trend number two as well: the security operations team, or SOC team, is going to be the new owner of cloud security alerts. Which also means that, unfortunately, because security operations have traditionally looked after on-premise alerts as well as the alerts from other environments, not the cloud ones, now they have to pick up quickly on what these cloud security alerts are, how to triage them, and what kind of threat detection would be involved in it. Are they already getting the information from all the cybersecurity granddaddies who have been doing threat intelligence for a long time? They're able to bring that information into the cloud world and combine all of that. But then there is a problem in terms of how much of the cloud alert and the cloud capability is provided as context, in terms of knowledge, for the SOC person. Now, to some extent the SOC automation and AI world is trying to do some work in it.

There's a security operations team which has picked up the baton from the cloud security engineers to look after the cloud security alerts. In 2025 they'll continue to work on improving what threat detection could look like, perhaps some SOC automation as well, to reduce the number of alerts that are being created from the CSPM and CNAPP tools as well as the runtime tools, to be able to do a better triage on ignoring the alerts which are false positives automatically, and at the same time being able to raise alerts for priorities that are truly a security incident in your cloud environment at any given point in time, with the context of all the other environments, including the complex infrastructures like your Kubernetes, AI workloads and everything else in there as well.

Now, talking about AI brings me to the third trend that you'll see in 2025, which is DNAPP, or data native application protection platform. Now, what this means is, as a chief information security officer or as a cybersecurity executive in an organization, I have always maintained a data security policy and a data privacy team. There are teams that look after, hey, what do we do for data which is health data or private data or personal data that the organization is working with. What we have never done, and the can of worms that no one wants to open, but fortunately or unfortunately for the AI explosion, we came across where data is the fuel. So data had to be the number one thing that people had to focus on. So a lot of people like myself are going to focus our cybersecurity program for 2025 around data security capability.

Now, granted, there would be a lot of data security work. I would probably say, if you were to do a side note for AI trends, data security is going to be 97% of the thing, and the 3% would be the true AI capability exploding companies that you would see, which is usually what happens. When cloud exploded 15, 16 years ago, the same's going to happen with AI as well. That's why the data security piece is going to be super important.

Now, the reason I use the word DNAPP is because currently in the data market there is DSPM, which is data security posture manager, which helps you identify what kind of data is located where, and in most scenarios it's able to do that in a cloud native way. So it's not just your emails or your SharePoint drives; it's also looking into your cloud resources like your databases, S3 buckets, drop... there's a lot more storage types that are available in a cloud environment which are natively being picked up by a DSPM to inform your decision on what kind of data is potentially being leaked and if it's sensitive or not. Obviously, being cloud native meant that there is a role that a CSPM or CNAPP provider could play as well, which is what led to AI-SPM. I had a great conversation with a few people about this, and it's really interesting to know that AI-SPM became that culmination of what is the data type that is being located in a cloud native resource and also is there a misconfiguration that is potentially impacting the cloud, all in one go, which is with the AI-SPM. Now, that's just part of the thing, and that's different to a DSPM. Sorry for all the acronyms. Welcome to cybersecurity.

The next thing I want to talk about, and one more acronym and that's the end of it, is DLP, or data leakage prevention, which has been there for a long time. 'Cause DSPM only tells you, hey, this is what is wrong right now. Data leakage prevention, again, is runtime. Going back to my top trend, data leakage prevention is what's happening right now that I need to be concerned about from a data leakage perspective. Now, these are limited, and even though DLP as a space has existed for a long time, they have not done a great job of being cloud native, which is where the DSPM world kind of came in. As a cybersecurity leader, I would think my capability should include both, which is DSPM and DLP
combined, hence the word DNAPP. But the industry may be slow to adopt this, so you may see a lot more DSPM for data security in the beginning of 2025, and towards the tail end of video you start seeing more DLP people talk about data security as well.

Now, these are the top three things you should be looking out for. But is there a trend that I'm missing? Drop in a comment on what you think should be the next trend. In the meanwhile, I'll check out these videos from Cloud Security Podcast, which were really helpful in us identifying what the trend would be for 2025. Enjoy the video. Peace.