Virtualization Technology News and Information
Vormetric 2015 Predictions: Winning the 2015 Cloud Security Race


Virtualization and Cloud executives share their predictions for 2015.  Read them in this series exclusive.

Contributed article by C.J. Radford, vice president of cloud at Vormetric

Winning the 2015 Cloud Security Race

It has been quite the year, the year vulnerabilities and breaches turned into what seemed like a regular occurrence. iCloud, Goodwill,, Home Depot, The White House, Bash, USPS, NOAA, Sony - and that's just recapping breaches that occurred after August. But with enterprises demanding greater cloud visibility and continuous monitoring, we can only go up from here.

2014 has been no stranger to the financial ramifications of data breaches but will 2015 fare better? As this year comes to an end, below are predictions we laid out for 2015: 

1.  Cloud - Safer than your own network

In 2014, we saw AWS customers (especially in the small and mid-size segments) start to lay claim that they couldn't make their own networks as secure as using Amazon's EC2/S3 infrastructure services.  This trend will accelerate in 2015. Small and medium businesses usage of cloud applications will increase because they are unable to keep pace with the rate of change of attacks and threats, as well as resulting legal and compliance requirements.  Why? Mainly due to the cost and level of effort it would require to adequately protect against the myriad of data breach possibilities. They want to be experts in their businesses, not in IT Security, and their organizations don't have the size and scale to justify in-house resources to do it themselves. As a result, they will rely partially on their service providers like Amazon Web Services. This doesn't mean that these organizations are handing over all responsibility to Amazon. Amazon clearly states that security is a joint responsibility and spells out specific areas they will commit to versus end user responsibilities.

2.  Increased concerns with privacy and security in SaaS environments will result in big investments to safeguard enterprise data

With over 50 percent of enterprise application spending in 2014 going to SaaS, and the expectation that 2015 will be no different, and with sensitive data a large component of the information used and stored there, large organizations will open their coffers to increase spending on data security protections for SaaS environments. Protections used will include cloud gateways, tokenization and data masking solutions at a minimum.

3.  SaaS providers that address this need will thrive.

Broadly speaking, SaaS providers that provide explicit security controls, as well as additional detail on data locations and written security commitments, will see their business increase at the expense of competitors who lag. This is the minimum bar for 2015. For forward thinking SaaS providers, 2015 is the timeframe to think through how they can provide additional and/or enhanced security services options to customers. One primary option that should be high on every SaaS provider list - encrypting customer data-at-rest using encryption keys held by customers.  If SaaS providers don't have an answer for the ability to turn over encryption key custodianship to their end customers, either recommend a best-in-class solution or have this capability on the roadmap, SaaS providers can expect an exodus of customers starting in 2016 for the lack of this capability.

4.  Major cloud or SaaS provider data breach

To date, most cloud related breaches have been a result of the failure of the customer, not the cloud provider. But I view that as more of a fortunate circumstance than a real indication of risk. Someone will fail to connect the dots in the cloud world.  Increased threats, and the storage of large amounts of critical data create a large bulls-eye directly on some SaaS and Cloud environments. A major cloud or SaaS application provider will be breached, compromising its financial position and resulting in major customer churn. 

5.  All serious IaaS/hosting/managed service providers will offer an encryption and access control service to customers

As the bar continues to be raised for cloud services to earn the trust of enterprise business, service provider vendors of all types will offer a baseline and advanced security service set to enterprise customers for data protection within their environments. Those who don't risk market share and growth erosion from those who do.

6.  Hosted private cloud will take over from in-house private clouds as the preferred private cloud deployment model

As economies of scale, service level commitments and security visibility and controls become more widely available from cloud providers, enterprises will increasingly favor hosted private cloud environments that offer the best of both worlds - scalability from public clouds and increased security required for enterprise data protection and operation.

Ultimately, despite major hurdles within the security landscape, I believe 2015 will be the year organizations are forced to wise up about protecting digital assets in the cloud.

About the Author

C.J. Radford joined Vormetric in March 2013 as vice president of cloud and is responsible for leading the company's cloud strategy and growth via strategic partnerships with cloud service providers (CSPs). He came to Vormetric from Symantec Corporation, where he spent more than five years driving business development and new strategic growth initiatives within the rapidly evolving CSP market and served as their business development director and head of the cloud and IT services team for the company's global business development and alliances group. Radford also brings to Vormetric extensive expertise in the private equity and corporate finance industries, having served in leadership roles at Parallel Investment Partners, West Lake Partners, J.H. Whitney & Co. and Bear, Stearns & Co. He holds a bachelor's degree in business administration from the University of Oregon and an MBA from the University of California, Berkeley.
Published Friday, December 19, 2014 7:17 AM by David Marshall
@VMblog - (Author's Link) - February 10, 2015 6:57 AM

Once again, how great is it to be a part of the virtualization and cloud industries? 2014 was another banner year, and we witnessed a number of fantastic technologies take shape and skyrocket. And I, along with many industry experts and executives, media

To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<December 2014>