Industry executives and experts share their predictions for 2020. Read them in this 12th annual VMblog.com series exclusive.
By Eric Trexler, VP, Global
Government, Forcepoint
Organizations will become "Cloud Smart" but remain "Cloud Dumb"
As we enter 2020 more and more
organizations, especially government agencies, are moving to the Cloud as part
of their digital transformation. We should expect to see greater and greater
breaches of Public Cloud systems as a result.
This change will come about, in
part, due to a shifting emphasis mandated by governments around the
globe. A Cloud First policy has been in existence within the
US government since 2011. Since 2013 the UK government has mandated that central government
"should consider and fully evaluate potential cloud solutions first before
considering any other option." This year the US government adopted the
2019 Federal Cloud Computing Strategy (Cloud Smart) and the UK government is expected to reveal a new policy early next year. The US
iteration of Cloud Smart typically includes security, procurement, and
workforce components, but many organizations remain significantly challenged in
these areas.
As organizations go from "Cloud
First", or "Cloud All", to "Cloud Smart" they tend to remain "Cloud Dumb" as it
relates to securing their systems in the Public Cloud. Typical Public Cloud vendor
shared responsibility models state the cloud service providers are responsible
for protecting infrastructure while the customer is responsible for protecting
their data, monitoring access, managing configurations, observing anomalous
user behaviors, monitoring system vulnerabilities and patching, and analyzing
suspicious host and network activities. Attackers will have a renewed
focus on Public Cloud accessible systems and data in 2020 and beyond due to the
richness of the prize and ease of accessing it. We expect to see more breaches
both from external and internal parties as Cloud applications become more
ubiquitous.
IDC predicts that 49% of the world's stored data will
reside in Public Cloud environments in 2025. Organizations around the world,
both public and private, would do well to take heed of available guidance and
not delay their application of best practice.
"Cloud Smart" really needs
to mean more than "Should this application be run from the Cloud? What are the
benefits we want to achieve moving to the cloud? What are the costs? What
are the risks?" It must also mean that we understand the value of the data and how
to protect it in the Public Cloud. It means that we need to properly understand
risk, take security into consideration, and build security in from the ground
floor upwards.
##
About the Author

Eric Trexler is Vice
President of Sales, Global Government, Forcepoint. Eric has more than 21
years of experience in the technology industry with both the public and private
sectors including the DoD, Civilian, and Intelligence components. Prior
to joining Forcepoint, Eric was the Executive Director for Civilian and
National Security Programs at McAfee, formerly Intel Security. Prior to joining
McAfee in 2010, he managed multi-million dollar accounts at Salesforce.com, EMC
Corporation and Sybase, Inc.
Eric served as an Airborne Ranger with the United States Army for four years,
specializing in communications. He holds a bachelor's degree in marketing and
an MBA with a concentration in strategy, both from the University of Maryland
at College Park.