Virtualization Technology News and Information
Article
RSS
Observable Networks 2017 Predictions: Security in the Cloud

VMblog Predictions 2017

Virtualization and Cloud executives share their predictions for 2017.  Read them in this 9th annual VMblog.com series exclusive.

Contributed by Bryan Doerr, CEO, Observable Networks

Observable Networks' 2017 Predictions: Security in the Cloud

What I see coming in 2017 is an increased focus on cloud security. Each year, our reliance on cloud services - from infrastructure to applications, drives increased public cloud adoption.  As more applications are realized in the cloud, the value of the data located there increases in value, while the negative impact of a disruption to availability, integrity or confidentiality becomes more severe.  As a result, more attention will be paid to the ways in which cloud security can be improved.

We need to first fully understand the responsibilities assigned to each party in the cloud ecosystem.  For example, the AWS shared responsibility model for cloud security is helpful in understanding how to allocate security controls between the cloud provider and the cloud user.  The cloud provider is responsible for providing a secure cloud foundation. With a public cloud infrastructure, you have a great foundation for security - both in process and technology maturity in the provider's operation of the cloud and in the services that providers offer to help their customers.  The cloud user's responsibility is to leverage these services and to layer on application-specific security to create and operate a secure application "in" the public cloud.

However, simply securing an application is not enough. Cloud infrastructures encourage rapid change. From inexpensive application experiments with short lifespans meant to flush out requirements to dynamic provisioning meant to provide fast response to changing loads in establish applications, the rate of change in the cloud far surpasses anything that existed for most companies operating their own infrastructure.  Without properly designed controls and supporting tools and processes, this can lead to unforeseen vulnerabilities and risk.

Companies need to deal with this volatility and its impact on security. Old approaches to security, especially legacy processes and tools that explicitly or implicitly assume a predominantly static or slowly changing application portfolio and infrastructure configuration will at best, simply get in the way of cloud operations and at worst, provide a false sense of security. The only way to deal with this rate of change will be a re-thinking of how to map controls to application development and operations and more process and tool automation to enforce and report on these controls.

This re-thinking is a catalyst for the emergence of SecOps and the resulting changes can be seen in job descriptions, tool dependence, vendor leverage, and, hopefully, results.  Many will view these changes with a zero sum game mentality, i.e., the goal will be to achieve the bar set by our legacy security efforts.  In fact, the shift to cloud services and the re-envisioning of security should be seen as an opportunity for significant improvement.

In 2017, cloud infrastructure, SecOps, new and highly automated security services show us the way to improved security.

##

About the Author

As Observable Networks' CEO, Bryan Doerr is responsible for developing its technology and transforming Observable into an industry-leading company.

Bryan's career is embossed with over 25 years of industry experience in corporate research, product design, IT management and executive management. Prior to Observable, Bryan was Chief Technology Officer at Savvis (now CenturyLink), where he led technology research and development and inspired the company's go-to-market strategy spanning cloud, network, hosting, security infrastructure and services as well as internal IT systems development.

Prior to joining Savvis, Bryan held a variety of software and hardware development and management positions at Bridge Information Systems, Inc., The Boeing Company, and the Applied Physics Laboratory at Johns Hopkins University.

Bryan Doerr 

Published Wednesday, November 30, 2016 7:01 AM by David Marshall
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<November 2016>
SuMoTuWeThFrSa
303112345
6789101112
13141516171819
20212223242526
27282930123
45678910