Industry executives and experts share their predictions for 2020.  Read them in this 12th annual VMblog.com series exclusive.

By Eric Trexler, VP, Global Government, Forcepoint

Organizations will become "Cloud Smart" but remain "Cloud Dumb"

As we enter 2020 more and more organizations, especially government agencies, are moving to the Cloud as part of their digital transformation. We should expect to see greater and greater breaches of Public Cloud systems as a result. 

This change will come about, in part, due to a shifting emphasis mandated by governments around the globe.  A Cloud First policy has been in existence within the US government since 2011.  Since 2013 the UK government has mandated that central government "should consider and fully evaluate potential cloud solutions first before considering any other option."  This year the US government adopted the 2019 Federal Cloud Computing Strategy (Cloud Smart) and the UK government is expected to reveal a new policy early next year.  The US iteration of Cloud Smart typically includes security, procurement, and workforce components, but many organizations remain significantly challenged in these areas.

As organizations go from "Cloud First", or "Cloud All", to "Cloud Smart" they tend to remain "Cloud Dumb" as it relates to securing their systems in the Public Cloud. Typical Public Cloud vendor shared responsibility models state the cloud service providers are responsible for protecting infrastructure while the customer is responsible for protecting their data, monitoring access, managing configurations, observing anomalous user behaviors, monitoring system vulnerabilities and patching, and analyzing suspicious host and network activities.  Attackers will have a renewed focus on Public Cloud accessible systems and data in 2020 and beyond due to the richness of the prize and ease of accessing it. We expect to see more breaches both from external and internal parties as Cloud applications become more ubiquitous.

IDC predicts that 49% of the world's stored data will reside in Public Cloud environments in 2025. Organizations around the world, both public and private, would do well to take heed of available guidance and not delay their application of best practice.

"Cloud Smart" really needs to mean more than "Should this application be run from the Cloud? What are the benefits we want to achieve moving to the cloud? What are the costs?  What are the risks?" It must also mean that we understand the value of the data and how to protect it in the Public Cloud. It means that we need to properly understand risk, take security into consideration, and build security in from the ground floor upwards.

##

About the Author

Eric Trexler is Vice President of Sales, Global Government, Forcepoint.  Eric has more than 21 years of experience in the technology industry with both the public and private sectors including the DoD, Civilian, and Intelligence components.  Prior to joining Forcepoint, Eric was the Executive Director for Civilian and National Security Programs at McAfee, formerly Intel Security. Prior to joining McAfee in 2010, he managed multi-million dollar accounts at Salesforce.com, EMC Corporation and Sybase, Inc.

Eric served as an Airborne Ranger with the United States Army for four years, specializing in communications. He holds a bachelor's degree in marketing and an MBA with a concentration in strategy, both from the University of Maryland at College Park.