As IT organizations of all sizes begin to shift sensitive data and mission-critical business information away from more traditional data centers and into the cloud, 2016 is expected to be an important year for cloud service providers and users that are demanding new adaptations for cloud security. Many companies are discovering that traditional ways of managing IT security do not work as well for cloud-based solutions.
With attacks on cloud-based IT infrastructure becoming more sophisticated, security efforts must evolve more quickly in the coming year. Attacks of these kinds will only continue and increase in scale as the value of cloud-based data expands. In 2016, I expect that cloud security innovation will center on four primary trends.
Serverless frameworks open new vulnerabilities
The growing popularity of serverless frameworks – think Amazon Web Services (News - Alert) (AWS) Lambda – show that we are moving toward new possibilities for code-PaaS (code-based Platform-as-a-Service), where organizations do not have to manage their own virtual machines, operating systems or containers.
This dramatically alters the approach to cloud security, because unfortunately, it opens up a new attack vector: APIs. Most IT teams are not used to defending against attacks of this nature.
Security measures move to the control plane
If companies don’t find a way to monitor their infrastructure in close to real-time, their weaknesses will continue to be exploited over and over from attacks via the control plane.
One of the most ambitious cloud security innovations of 2016 is going to be related to the Control plane. We are going to see numerous host and network-based security measures being integrated into the cloud’s control plane, and the control plane will become a central destination for host events, network events and serverless-process events via APIs. Instead of the presence-based discovery methods that are utilized by traditional data center and in-line network security solutions, the future is going to be all about real-time “fire-hose” streams that deliver greater visibility and faster responses.
Native security and the continuous deployment (CI/CD) pipeline
Another big advancement in cloud security next year will be the trend toward security becoming more native to the overall pipeline of continuous integration and continuous deployment (CI/CD). By integrating cloud security more closely into the CI/CD pipeline, organizations will be able to make their security operations more agile and more DevOps-friendly.
Because of these changes, popular CI/CD solutions such as Jenkins will increasingly provide automated security validation and new code verification as a regular step in the quality-assurance stage of the continuous deployment process.
New innovations from big security vendors
A lot of innovation in cloud security during recent years has come from small innovators and startups. In 2016, we’re going to see more of the big, established security solution providers start to deliver next generation cloud security tools that fully support cloud-based ways of thinking. If not, these big vendors are going to run the risk of seeing their market turned upside down by more adaptable smaller companies. In the race to dominate this emerging market for cloud security, we’re going to see two big trends.
First, the big established security providers are going to start delivering more cloud-aware security solutions, whether that’s by developing new product innovations or by acquiring smaller companies that have proprietary solutions. Second, Microsoft (News - Alert)'s Azure and AWS will be battling hard to attract and retain customers by offering expanded security features. Look to see more security features related to the shared security model that are focused on helping customers get better control and visibility over what is happening in their cloud infrastructure.
I also expect to see feature parity fully achieved in the IaaS space, as the two biggest players in the cloud services market start to offer more rich security capabilities, added features and new offerings from third-party partners.
The future of cloud security is more complex and exciting than ever before. We expect that 2016 will be another fast-paced year of dynamism and growth for this increasingly important space.
Tim Prendergast is founder and CEO of Evident.io. With well over two decades of pushing the limits of technology, Tim created Evident.io as the first security company focused solely on programmatic infrastructures (cloud). His prior experience includes leading technology teams at Adobe, Ingenuity, Ticketmaster and McAfee (News - Alert). He holds over 15 years’ security experience, including eight in AWS security experience and three years in the Adobe AWS infrastructure from inception to production. Follow Tim on LinkedIn and Twitter.