Industry executives and experts share their predictions for 2018. Read them in this 10th annual VMblog.com series exclusive.
Contributed by Tim Prendergast, CEO of Evident.io
Customers Will Demand Cloud Security and Compliance in 2018
Organizations that use public clouds are adopting an increasingly sophisticated approach to
security. While they have become comfortable with their sensitive workloads operating in the
cloud over the past few years, they also have gained a better understanding of what's required
to apply security best practices across the entirety of their cloud framework. There is also more
general awareness of compliance demands and the corresponding need to employ smarter
strategies to continuous compliance.
Preparing to meet these demands will require organizations to make cloud security and
compliance a priority, but we are already seeing smart enterprises take note of certain trends.
To that end, enterprises will make the following significant advances in 2018, and those who
take advantage of them will prosper:
Demand from customers for more compliance reporting: In 2017 we saw many examples of
breaches that were a result of 3rd party vendors not properly securing data in the cloud. We
predict that in 2018, we'll see more enterprises demand assurances about the steps vendors
are taking to secure data in their cloud environment. And, perhaps we'll start to see more
enterprises demand security, compliance service-level agreements, and a regular reporting
cadence over and above an annual audit.
Massive shift from single cloud to multicloud: The adoption of multiple clouds is becoming and
will continue to be more prevalent, creating an even more complex situation for security and
compliance teams who struggle to keep up with development. Despite the additional
complexity, organizations will make the move to multicloud in order to satisfy availability and
disaster recovery requirements, the technology preferences of development teams, or as a
tactic to manage growing cloud expenses. Additionally, companies are also looking at cloud
agnostic microservices and secondary cloud services for their future uses.
Enterprises will make a meaningful move to predictive security rather than reactive: The
market is becoming more sophisticated when it comes to cloud security and they are pushing
the envelope around integration and incident life cycle management. We predict that
companies will really start to be much more proactive at managing security within the DevOps
lifecycle. There is a huge need to integrate security into the development process rather than
reacting to issues once a project has been deployed to production. If companies can
implement the DevSecOps mindset into both their culture and products in 2018 then security
will be all around better for it. This mindset will need to affect both hiring practices and
processes for companies and it will potentially fundamentally change what a security engineer
looks like.
Container and serverless computing ramps up creating security headaches: In 2018 companies
will move to adopt the cloud-native approach and the traditional host-based operation system
will either become irrelevant or it will need to reinvent itself or die. From a security standpoint,
no one is really prepared to secure all these containers and functional compute opportunities,
but people are adopting it nonetheless.
Cloud adoption will continue to rapidly increase, but so will attempts to attack its
vulnerabilities. Organizations that take the necessary steps to effectively manage risk will be
best prepared to protect their data, people, and assets.
##
About the Author
Tim co-founded Evident.io to help others avoid the pain he endured when helping Adobe
adopt the cloud at a massive level. After years of building, operating, and securing services in
AWS, he set out to make security approachable and repeatable for companies of all sizes. Tim
led technology teams at Adobe, Ingenuity, Ticketmaster, and McAfee.