Virtualization Technology News and Information
HyTrust 2014 Predictions - Cloud Security in 2014

VMblog 2014 Prediction Series

Virtualization and Cloud executives share their predictions for 2014.  Read them in this series exclusive.

Contributed article by Eric Chiu, president & co-founder, HyTrust, the cloud infrastructure control company

Cloud Security in 2014

In 2014, organizations will discover the importance of BYOS for public cloud. Given the recent disclosures about government access to cloud service provider networks, we'll see further investment in key management systems that allow organizations to keep control of their encryption keys themselves vs. entrusting that critical security measure to the same vendor that holds their data.

Cloud security automation will also ramp up. Organizations will drive for greater automation and orchestration of security in the cloud and seek vendors that can secure both private and public cloud environments.

Policy will become a main focus. Since cloud environments are dynamic and workloads are mobile (even between cloud providers), automated security based on embedded workload policy will be critical for the next stage of cloud adoption. 

It will no longer be a choice between private or public cloud. Companies will implement a combined private and public cloud strategy to offer freedom of choice to business units. However, data security and governance will become paramount to enabling this journey. And encrypting all workloads in the cloud will become a default requirement. Also, private cloud will develop into two camps, with two different primary buyers: "Out-of-the-box" customers that will buy pre-built, pre-integrated solutions on converged infrastructure platforms, and customers that want to build their own using open source components.

Vendor consolidation will continue. Organizations will look to buy more solutions from a single vendor and demand greater integration between solutions to automate security. In addition, the fact that securing cloud environments is very different from securing traditional physical environments will drive greater consolidation in the market. And we'll see data center consolidation become the new driver for private cloud computing to enable even greater efficiencies and cost savings. Next-generation data center architectures will require logical infrastructure segmentation (rather than physical air-gapping) to enable multi-tenant private clouds.

Companies will also look to automate governance in the cloud. The internal corporate governance process is typically cumbersome and involves multiple reviews by different groups, which erodes the agility that cloud enables. Thus, agility will be the driver in 2014 to automate these governance processes.

Insider threats will continue to be the number one cause of breaches. And we'll see that access controls, role-based monitoring and the "two-man rule" will become key requirements in the cloud to prevent major breaches and datacenter failures.

Finally, companies will look to pilot and implement software-defined networking as the next step in their virtualization journey. Software-defined infrastructure will put greater focus on securing the management plane given the greater concentration of risk and potential for catastrophic failure.


About the Author

Eric Chiu is president and co-founder of HyTrust, a company focused on cloud and virtualization control, security, management and compliance. He has in-depth knowledge about what's needed to achieve the same level of operational readiness in virtual as in physical I.T. infrastructures. Previously Eric served in executive roles at Cemaphore, MailFrontier, mySimon, and was a venture capitalist at Brentwood/Redpoint, Pinnacle, and M&A at Robertson, Stephens and Company.

Published Friday, December 06, 2013 6:44 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<December 2013>