Virtualization and Cloud executives share their predictions for 2013. Read them in this VMblog.com series exclusive.
Contributed article by Bill Hackenberger, CEO and co-founder of HighCloud Security
Three Cloud Security Predictions for 2013
I've been working in the software
security space for more than three decades. For years, organizations invested
in hardening their perimeter to ensure data privacy. With the rapid growth of
the cloud and the emergence of software-defined networks, the idea of a
‘perimeter' becomes almost meaningless. In the wake of 2012's massive security
breaches and continually evolving privacy regulations 2013 will be a defining
year for cloud security. With that in mind, here are three predictions for 2013:
1) A significant data
breach will occur at a cloud service provider that exposes data from multiple companies.
Given the record number of breaches in 2012, perhaps this is not such a bold
prediction. However, it is worthwhile reminding ourselves that many breaches are not necessarily the
result of the actions of nefarious individuals, but rather a simple case of
data being mishandled or networks being misconfigured. Breaches happen all the time in private data
centers, and even if a cloud provider assembles the greatest IT team ever, they are nonetheless human, and mistakes are
What I hope will precipitate from this event will be a
growing recognition that every company bears the responsibility to secure their
data - no matter where it resides. It will also highlight the fact that
organizations should not only encrypt the data they have in the cloud, but must
retain control of the encryption keys, rather than expect the cloud provider to
hold the data and encryption keys for them.
2) There will be an expansion in the nascent business of
data breach insurance for the cloud. As insurance companies set their prices
based on risk, companies exhibiting more mature security practices should be
able to attain better rates. Audits and
assessments of security practices for insurance purposes will emerge as a
growing business. As it turns out, insurance
companies themselves need to be paying more attention to the space.
3) At a governmental level, Congress will pass a federal data breach law that
includes safe harbor from public notification if the data breached was suitably
encrypted. The HIPAA/HITECH security guidelines for the healthcare industry
include this safe harbor, as well as some states. But navigating the laws of
each individual state and regulation is an untenable burden for companies. A
clearly-defined national cybersecurity policy is crucial to the ongoing growth
of our economy.
So, what have
we learned from past breaches and the prospect of even more damaging ones to come?
It's simple. Encrypt important data in your private data center and you
absolutely should encrypt any private data you put into the public cloud.
Proactive measures today can avoid a costly breach down the road.
About the Author
Bill Hackenberger is
a 30+ year veteran of enterprise security and CEO of HighCloud Security, a
software company specifically engineered to address unique data privacy and
encryption needs within private, hybrid and public clouds. For more information
on HighCloud Security, visit www.highcloudsecurity.com