Light Dark
January 18, 2022 By David Bisson 3 min read
Cloud Security
Data Protection
Incident Response
Risk Management
Security Services

Many organizations have cloud security on their minds going into 2022. In April 2021, for instance, Gartner predicted that global end-user spending on cloud management and security services would reach $18 million the following year. That’s a growth of 30% over the previous two years.

The forecasts discussed above raise an important question. Where exactly will these businesses and agencies be committing their cloud security spending in 2022? There are three trends to watch over the next 12 months. Keep an eye on cybersecurity mesh, hybrid and multi-cloud environments and cloud-native tools and platforms.

Cloud Security Trend #1: Cybersecurity Mesh

In its list of top strategic tech trends for 2022, Gartner defined cybersecurity mesh as “a flexible, composable architecture that integrates widely distributed and disparate security services.” It provides a means of verifying identity, context and policy adherence across all relevant environments, including the cloud. As such, it’s smart to use a cybersecurity mesh architecture as part of broader defensive approaches.

Niel Harper, a CISO, agrees.

“The goal would be to move perimeters encapsulating data centers to … identities and objects that are not on-premises or on the same network — specifically, users accessing objects from anywhere, anytime and with a variety of device form factors,” he said. “It also enables organizations to bring cloud services into their zero trust architecture and employ adaptive access control with more granular analyses of both subjects and objects.”

To put this in place, invest in a series of controls. These can help to bring zero trust, cloud security and other plans together. Harper pointed out two key cloud-related measures — cloud access security brokers and cloud infrastructure entitlement management. Endpoint detection and response and multi-factor authentication also fit in here, among others.

Trend #2: Hybrid and Multi-Cloud Environments

Cybersecurity mesh and other defense solutions advance more than just zero trust. They can also help to secure hybrid and multi-cloud environments.

Businesses and agencies are turning to these types of strategies more and more. Take the hybrid cloud, for example. Cofense reported that 90% of organizations will be using these to meet their needs by 2022. What that might look like could vary. For some, it could involve a mix of public and private cloud services. For others, it could consist of both in-cloud and on-premises assets. Others might use both.

It’s a similar story with the multi-cloud, a strategy that includes more than one cloud service. In a survey of IT leaders, 95% of respondents said they’re making multi-cloud a strategic priority for their businesses in 2022. About the same percentage (96%) reported that security was top of mind. But only 54% said that they were highly confident in the tools or skills they needed to execute that defensive program. Even more than that (76%) of respondents said that they didn’t feel that their group had invested enough in their multi-cloud project, leaving them ill-prepared to defend against digital threats.

This lack of funding makes another issue worse. That is, the hybrid cloud and multi-cloud environments introduce security challenges. They increase complexity, which reduces visibility.

In response to those obstacles, consider third-party cloud marketplaces such as the AWS Marketplace. These resources can help to provide security teams with software and services that they can use in the cloud.

Trend #3: Cloud-Native Tools and Platforms

Gartner also highlighted the importance of cloud-native platforms for 2022. These empower businesses and agencies to build application architectures that make the most of the cloud. After all, you can’t protect cloud assets the same way as on-premises resources. Internal teams protect the latter. That’s not true for the former, as the shared responsibility model dictates that infosec personnel provide security ‘in’ the cloud only. The cloud service provider is responsible for the security ‘of’ the cloud or safeguarding the physical hosts, network and infrastructure that run the cloud services. This division limits the degree of control that internal teams can have over security efforts.

To make the most of cloud-native tools and platforms, understand what part of the defensive perimeter belongs to you. Then, get the right tools for it. If you don’t, you could leave your business or agency exposed to threat actors who exploit vulnerabilities and misconfigurations in the cloud. This could also make it more costly to recover from a cloud security incident if and when one occurs. Hence the advantage of working with strategic vendor partnerships that bring security and visibility together.

Why Is Cloud Security Important for 2022?

Businesses and agencies will likely be moving more services to the cloud in the coming year. According to ITProPortal, 28% of spending in key IT segments will migrate to the cloud in 2022. This increase in cloud-based services will affect $1.3 trillion in IT spending.

In response, business leaders need to pay attention to securing their cloud-based services. Cybersecurity mesh, multi- and hybrid-cloud security strategies and cloud-native tools can help them to do that.

 |  |  |  |  | 
David Bisson
Contributing Editor

More from Cloud Security
January 22, 2025

2024 Cloud Threat Landscape Report: How does cloud security fail?

4 min read - Organizations often set up security rules to help reduce cybersecurity vulnerabilities and risks. The 2024 Cost of a Data Breach Report discovered that 40% of all data breaches involved data distributed across multiple environments, meaning that these best-laid plans often fail in the cloud environment.Not surprisingly, many organizations find keeping a robust security posture in the cloud to be exceptionally challenging, especially with the need to enforce security policies consistently across dynamic and expansive cloud infrastructures. The recently released X-Force…

January 8, 2025

Cloud threat report: Why have SaaS platforms on dark web marketplaces decreased?

3 min read - IBM’s X-Force team recently released the latest edition of the Cloud Threat Landscape Report for 2024, providing a comprehensive outlook on the rise of cloud infrastructure adoption and its associated risks.One of the key takeaways of this year’s report was focused on the gradual decrease in Software-as-a-Service (SaaS) platforms being mentioned across dark web marketplaces. While this trend potentially points to more cloud platforms increasing their defensive posture and limiting the number of exploits or compromised credentials that are surfacing,…

December 18, 2024

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2 min read - For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last year.However, according to the most recent Cloud Threat Landscape Report released by IBM’s X-Force team, the near-term threat of an AI-generated attack targeting cloud computing…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature