
Virtualization and Cloud executives share their predictions for 2013. Read them in this VMblog.com series exclusive.
Contributed article by Bill Hackenberger, CEO and co-founder of HighCloud Security
Three Cloud Security Predictions for 2013
I've been working in the software
security space for more than three decades. For years, organizations invested
in hardening their perimeter to ensure data privacy. With the rapid growth of
the cloud and the emergence of software-defined networks, the idea of a
'perimeter' becomes almost meaningless. In the wake of 2012's massive security
breaches and continually evolving privacy regulations, 2013 will be a defining
year for cloud security. With that in mind, here are three predictions for 2013:
1) A significant data breach will occur at a cloud service provider that exposes data from multiple companies.
Given the record number of breaches in 2012, perhaps this is not such a bold
prediction. However, it is worth reminding ourselves that many breaches are not necessarily the
result of the actions of nefarious individuals, but rather a simple case of
data being mishandled or networks being misconfigured. Breaches happen all the time in private data
centers, and even if a cloud provider assembles the greatest IT team ever, they are nonetheless human, and mistakes are
inevitable.
What I hope will precipitate from this event is a
growing recognition that every company bears the responsibility to secure its
data - no matter where it resides. It will also highlight the fact that
organizations should not only encrypt the data they have in the cloud, but must
retain control of the encryption keys, rather than expect the cloud provider to
hold the data and encryption keys for them.
2) There will be an expansion in the nascent business of
data breach insurance for the cloud. As insurance companies set their prices
based on risk, companies exhibiting more mature security practices should be
able to attain better rates. Audits and
assessments of security practices for insurance purposes will emerge as a
growing business. As it turns out, insurance
companies themselves need to be paying more attention to the space.
3) At a governmental level, Congress will pass a federal data breach law that
includes safe harbor from public notification if the data breached was suitably
encrypted. The HIPAA/HITECH security guidelines for the healthcare industry
include this safe harbor, as do some states. But navigating the laws of
each individual state and regulation is an untenable burden for companies. A
clearly-defined national cybersecurity policy is crucial to the ongoing growth
of our economy.
So, what have we learned from past breaches and the prospect of even more damaging ones to come?
It's simple. Encrypt important data in your private data center, and
absolutely encrypt any private data you put into the public cloud.
Proactive measures today can avoid a costly breach down the road.
###
About the Author
Bill Hackenberger is a 30+ year veteran of enterprise security and CEO of HighCloud Security, a
software company specifically engineered to address unique data privacy and
encryption needs within private, hybrid and public clouds. For more information
on HighCloud Security, visit www.highcloudsecurity.com.