infoTECH Feature

December 01, 2014

2015 Cloud Security Predictions

By TMCnet Special Guest
Eric Chiu i, President and co-Founder, HyTrust

If 2014 was the year of the cloud, 2015 is shaping up to be the year of cloud security. On the heels of some of the largest data breaches in history in 2014, organizations are doubling down and security is gaining board room visibility. Enterprise have spent the past few years building out private and hybrid cloud infrastructure to gain agility and improve ROI. Only now are internal auditors, risk and compliance officers and regulators recognizing that with new technology comes new risk.

With these trends in mind, here are the top 10 cloud security predictions for 2015.

  1. SDN (Software Defined Networking) will become SSDN (Secure Software Defined Networking). As organizations begin implementing SDNs to support production applications, they will recognize the importance of securing access this very powerful layer in their infrastructure.
  2. ‘Secure’ will gain focus over ‘compliant.’ It’s become clear – companies that are compliant with privacy regulations can still be breached. Organizations must recognize that regulations often lag technology trends, and refocus their effort on what makes them secure.
  3. Data sovereignty will increase momentum. As cloud technology develops, more organizations will establish policy and implement technology to ensure data doesn’t leave trusted boundaries.
  4. Companies will double down on insider threat prevention. The majority of recently publicized attacks involved the compromise of privileged administrator accounts. Organizations will re-evaluate how they monitor and control these users, and allocate the required budget to implement new strategies
  5. Policy and automation will take the spotlight. Virtualization, the foundation of most cloud infrastructure, promises business and IT agility. But managing this dynamic infrastructure will require security automation to maximize uptime and provide continued secure operations.
  6. Hybrid cloud deployment will grow. Public cloud agility can’t be ignored and many organizations will identify the applications that are ripe for public cloud, but they will also retain mission critical apps in house and leverage Hybrid clouds for business continuity, disaster recovery and like-cloud bursting.
  7. BYOS will continue for public cloud. Given the recent disclosures about government access to cloud service provider networks, we’ll see further investment in key management systems that allow organizations to keep control of their encryption keys themselves vs. entrusting that critical security measure to the same vendor that holds their encrypted data.
  8. Insider threats will continue to be a primary cause of breaches. Access controls, role-based monitoring and the “two-man rule” will become key requirements in the cloud to prevent major breaches and datacenter failures either from malicious insiders or those who attain their credentials.
  9. Privileged identity management and access controls will evolve to support the accelerating adoption of cloud services. The continued growth of SaaS (News - Alert), PaaS and IaaS will drive an exponential growth of privileged administrators. But security controls need to be enhanced and/or replaced with more context-aware access controls and automatic credentials management to support these next generation infrastructures.
  10. Enterprise will bolster cyber-security policies regarding encryption. The economic backlash against US-made hardware and software in the wake of Snowden’s revelations has effected the top line and brands of high profile companies such as Apple, Google (News - Alert) and Amazon, etc., and they are determined to turn that around by implementing greater encryption measures. Good privacy is good for business and consumers.

Eric Chiu is a recognized security technology expert and business leader, currently serving as president and co-founder of HyTrust (www.hytrust.com), the Cloud Security Automation company. He previously served in executive roles at Cemaphore Systems and MailFrontier, and was a Venture Capitalist at Brentwood (now Redpoint) and Pinnacle Ventures. He is a published author and speaks frequently at industry forums internationally.




Edited by Stefania Viscusi
FOLLOW US

Subscribe to InfoTECH Spotlight eNews

InfoTECH Spotlight eNews delivers the latest news impacting technology in the IT industry each week. Sign up to receive FREE breaking news today!
FREE eNewsletter

infoTECH Whitepapers