Virtualization Technology News and Information
AlgoSec 2014 Predictions - Cloud Security Predictions

VMblog 2014 Prediction Series

Virtualization and Cloud executives share their predictions for 2014.  Read them in this series exclusive.

Contributed article by Edy Almer, Vice President Product Management, AlgoSec

Cloud Security Predictions for 2014

2013 was the year that virtualization and cloud migrations large scale trials began to take root. As more organizations begin to leverage the many operational and financial benefits of the cloud - whether private, public or hybrid - the next logical step is to enhance cloud security.

The cloud means a lot of different things to different people and when it comes to cloud security I think we have to make at least two important distinctions - Security FROM the cloud, and security FOR the cloud. A further distinction to be made is between security for infrastructure in the cloud - whether private, public or hybrid - and security for data in the cloud.

In fact, according to a recent Gartner report, cloud-based security services are expected to overtake those of traditional on-premises security equipment in the next three years.

So now let's examine some predictions for the coming year...

We will start to see more organizations moving critical workloads into private clouds, with many existing security vendors and products adapting and evolving to support and optimize the experience. Although many organizations have yet to migrate a significant percentage of their business applications to the cloud, most plan to increase their reliance upon cloud-based applications in the future with more than two-thirds of respondents in a recent survey stating they plan to migrate critical applications to private (34%) or hybrid (35%) clouds.
  • Two breakthroughs will occur with regards to the public cloud. First, more non-critical workloads will be moved into public clouds, providing organizations with the operational and financial benefits, but without putting business critical applications in the hands of a third party to manage. Second, within public clouds, we are likely to see widespread encryption programs for protecting sensitive or regulated data uploaded to those clouds. While in the past content and cloud providers have resorted more to legal means to mitigate risks of a data breach or outage to a critical application, as cloud services mature, we will start to see more organizations adopting a model where vendors are not just offering SaaS, but also including security controls in conjunction with their services.
  • As more organizations migrate their critical applications and data centers into the cloud, more emphasis will be placed on ensuring availability. While this isn't so much a "cloud security" trend in the sense of protecting information from attacks, etc., it does require taking a different approach to looking at the security policy that enables the connectivity of these applications. The process of migrating to the cloud is disruptive to existing applications and special care should be taken to maintain connectivity and prevent unplanned application downtime and associated losses. In a recent survey, two-thirds of organizations reported suffering unforeseen connectivity disruptions or outages in connection with migrating data center applications at least occasionally. For 23%, migration caused unexpected outages or disruptions at least "often" while 5% said they were plagued by problems "nearly every time". With more migration projects and a higher priority placed on these projects, the importance of ensuring the connectivity will be a focus.
  • Protecting information will push its way further up the priority list as security teams focus efforts on securing the data itself instead of simply the servers it resides on. A greater focus will be put on securing data-at-rest, thus mitigating the need to some degree the reliance on system administrators to maintain OS level controls, often outside the scope of management for information security teams. Additionally, with more applications and data processed and housed in the cloud, organizations will collect less data where it is not necessary for compliance or for business reasons.

How do you plan to evolve your strategy around the cloud and tackle cloud security challenges in 2014? Good luck!


About the Author

Edy Almer is the Vice President Product Management at AlgoSec. He is responsible for developing and executing a clearly defined product strategy for AlgoSec. AlgoSec is the market leader for security policy management, enabling organizations to manage security at the speed of business. More than 1000 of the world's leading organizations, including 15 of the Fortune 50, rely on AlgoSec for faster security provisioning business applications, simplified security operations and improved protection against cyber-attacks. 
Published Wednesday, December 18, 2013 6:22 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<December 2013>