Good evening. And while the slide is coming up, I'll just reassure that the younger people in the audience that this thing round my neck is a 20th century relic that was part of fashion, it's not dangerous. So I've been researching the cloud for something like 15 years and I've seen it go through three epochs of concerns. First of all, the, the, the users were concerned that the cloud service providers we're going to be insecure. Then the next epoch was that if we use the cloud, we're not going to be compliant.
And now we've got the concerns that come with API with with artificial intelligence because invariably the way in which artificial dep intelligence is being deployed is through the cloud. Now in response to these concerns, the market has produced what I would describe as cloud alphabet soup. It falls like rain from the vendors.
Have we got loads and loads of point solutions? But what is the problem that these solutions are trying to address?
Well, first of all, they're already out of date because IBM is predicting that in the next five years there will be 1 billion new apps developed using the capabilities from generative AI to massively accelerate the rate at which application development takes place. It's going to move from something like the medieval monk writing manuscripts in his cells, which is what currently is doing with coding, where you can more or less say to chat GPT, give me a piece of code.
In addition, there are ethical concerns that come with the use of AI as part of your digital transformation, your app, you know, how do you avoid harm, how do you ensure accountability for any decisions that are taking and how do you secure the data and ensure the privacy of the data? And all of this is delivered from a hybrid multi-cloud IT environment. So we've got an enormous number of complexities that are involved in there, which cover security and wider things to do with ethics as well as simple regulatory compliance.
And in terms of what the business is concerned about, compliance remains at the top of this. But data breach and data security are part of this, but also business continuity. And we've heard the NIS two directive we've heard about dora, all of which are concerns related to business continuity. Now in fact, the fact that this is div is delivered from the multiple cloud causes all kinds of challenges.
And I'm going to look at a couple of these. The first of these is that the responsibility for security in the cloud is shared between the cloud service provider and the cloud service customer.
And indeed this was alluded to by the previous talk about I do and many organizations that thought the problem was going to be insecurity of the cloud infrastructure have discovered that the problem is insecurity of their use of the cloud. And interestingly, when cloud service providers say they have an Esso service organization control to report, if you read what a SOC two report includes, it includes whether or not that cloud contains the capabilities for the users of the cloud to use it securely. It doesn't check whether they've actually done that.
So you are responsible for implementing the controls that have been provided by the cloud service provider.
The com, the security of how you use your cloud is in fact the same, all the same issues as you had with any kind of IT system. It's about things from how you identify and control access. It's about how you secure the virtual network, the software defined network inside the cloud, how you manage the vulnerabilities that are in the artifacts that sit inside the cloud and how you protect that data.
And sure enough, each cloud service provider provides you, like I said, with those capabilities, there's only one challenge. They're all different. The way that you do it on AWS is the way is different from the way that you do it on Google Cloud. And it's different again from from Azure. Although the capabilities are there now in terms of the perception of the tools that are to do with development. Those tools have now focused on guess what?
It's containers and Kubernetes. But the world is changing in respect of that.
So what arose from all of this is these individual point solutions that are called that I'm calling this cloud alphabet soup. And what we need to do is to start to aggregate these into a single some form of security fabric because with all the different things we've got basically an ad hoc approach which isn't good. So AI is making it even worse because what we had in the old world was cloud workload protection, which was controlling and helping you with the virtual resources that allow lay within the cloud.
And that is becoming AI platform protection, which has got to include things like GPU workloads and security of the DevOps pipeline as well as virtual machines and so forth that we had cloud security posture management, which covered all of the regular security things.
This is going to have to become AI security, posture management, which is going to cover things like training data and a the AI model supply chain because many low LLMs are in fact if you will, taken from an open source.
So what we really want is, and if you can see, you can see some of the things which are highlighted here that where we were previously just thinking about Kubernetes development, we've got to take into account that much of this code is going to be generated by Gen AI and that might be making mistakes that the data protection which was previously just simple encryption, we need to start thinking about quantum safe encryption. And in order to manage it, we need to use a friendly AI bot to help us to do this.
And as you can see, the cloud alphabet soup has got even bigger because of the things that I said.
So what we really need is a single security platform which provides, if you will, an AI supported security fabric. And that is really the message. Now if we've got five minutes, we can go through the the, the leadership compass.
Now, Alexi and Alejandro earlier on described to you what these are. So I'm not going to dwell upon how it's created or what it contains, but what we actually do is we looked at cloud native protection platforms as they exist today and we looked at all of these kinds of capabilities and I think you can go and find this on, on the KuppingerCole website if you've got a subscription or you may get it as part of this EIC cost. And we covered in this a variety of vendors, which you can, you can see here ranging from Wiz through to aqua.
And in addition, we also looked at many others and we came up with an overall view of leadership where we have some very good vendors, which are good at dealing with the world as it exists today.
What we need to do is to look into the future and look, look out for the new versions of this that will be coming out in the next 12 months.
And as was described by Alexia earlier on, we also look at each vendor not in term, not just in terms of its overall leadership, but also in terms of its capabilities in a number of different areas, which you can see shown in this kind of spider chart and give a a PL a plus and a minus for the vendor. And I think this was taken for Lacework, which is a well-known vendor in this market space. So we looked at another of vendors who for one reason or another we couldn't include.
But in terms of a conclusion, what we can see is that there has been already a massive development over the last 10 years in the use of cloud and AI is changing this dramatically, that although we have these dramatic changes in the technology, we still have the same business concerns of business continuity compliance and preventing data breaches. We've got these extra challenges from security and we need something more than cloud acronym soup.
We are really looking for something that supports a genuine security fabric, which allows organizations to manage the security elements of them, multi-cloud hybrid environment in a common way. Thank you.
