
Virtualization and Cloud executives share their predictions for 2014. Read them in this VMblog.com series exclusive.
Contributed article by Andrew Hay, Director of Applied Security Research at CloudPassage
Security will continue to be the primary cloud adoption concern
Cloud is still relatively new technology and, for most
organizations, largely unexplored territory. Although the draw of inexpensive
compute power, rapid scalability, and elastic utilization will continue to draw
the enterprise to cloud, like moths to a flame, security concerns stand
resolute.
Every survey conducted over the past two years reflects that
security is and will continue to be the primary cloud adoption concern of most
enterprise organizations. The "2013 Cloud Computing
Outlook" survey, conducted by 451 Research's Peter ffoulkes, found that
security remained "the paramount pain point, cited by 30% of respondents, with
no other criterion breaking the 20% level." Likewise, the 2012 CloudPassage
Security and the Cloud Survey found that 69% of respondents stated that
security was a "HIGH" concern. The 2013 IDG
Enterprise Cloud Computing research cited that 66% of respondents named
security as the top concern for IT departments.
With the number of enterprise breaches showing no signs of
decline, coupled with the surge of government surveillance concerns and growing
speculations of state-sponsored espionage, all indicators point to security
continuing its reign as the primary roadblock to cloud adoption.
End-to-end automation
will be table stakes
We will likely remember 2012 as the year that server
automation came into its own. In 2013, DevOps became a credible job title (at
the time of this writing jobsites Indeed.com, Dice.com, and Monster.com showed 853,
225, and 139 jobs, respectively, that had "DevOps" in the title). Venture-backed
startups are actively searching for DevOps engineers in various roles and
responsibilities as well, with well-known startup job site VentureLoop.com
offering 145 DevOps positions.
If IT automation were a horse, it would likely be referred
to as a "sure thing".
Investors think so too. Both Puppet Labs and Chef (formally
OpsCode) raised Series
D funding of $30M and $32M,
respectively. Newest challengers SaltStack ($685k in Seed funding) and AnsibleWorks
($6M in Series A funding) also made a splash.
It's likely that application, application stack, and server
automation will become a ubiquitous model for enterprise deployment in 2014.
Unfortunately, getting servers and applications up and running is not, and
should not be, the finish line. Security automation rounds out the IT
automation lifecycle.
Neil MacDonald from Gartner predicts that
automation for enterprise security won't arrive until 2015. Enterprises,
however, are actively investing in and deploying security automation products
since the beginning of 2013. A great
example of security automation is Citrix ShareFile. In a recent GigaOm
webinar, Citrix ShareFile discussed how, due to the dynamic scalability
requirements of their product, they needed end-to-end automation of their
applications and servers - automation that included security automation.
##
About the
Author
Andrew Hay is the
Director of Applied Security Research at
CloudPassage and former Senior Security Analyst
for 451 Research.