 | Issue: | Global-ICT 2015 |
| Article no.: | 4 | |
| Topic: | Top ten tips to deliver cloud security | |
| Author: | Rajiv Gupta | |
| Title: | CEO & Founder | |
| Organisation: | Skyhigh Networks | |
| PDF size: | 367KB |
About author
Rajiv Gupta is the co-founder and CEO of Skyhigh Networks. He has more than 20 years of successful enterprise software and security experience and is widely recognised as a pioneer of web services. Having led the Cisco ISE product team, spent time at HP Labs and with 45 patents to his name, he’s well versed in the cloud security sector.
Article abstract
There is no denying that SaaS applications have become integral to day-to-day business. As mobile-first applications have proliferated and the ease of connecting to SaaS applications has improved, a rapid sprawl of corporate data across cloud services has appeared. 2015 will see the rebirth of data management, but this time for the distributed data across cloud services, as enterprises seek to proactively manage their corporate data from a security, compliance and governance perspective.
Full Article
2015 has been a challenging year for security professionals had to deal with a raft of security threats: the FREAK security flaw, Pirate Bay’s return, and the risk of a third party breach like TalkTalk’s, to name a few.
There are some clear trends within the technology world, however, that can guide organisations on where the next threat is likely emerge. Take cloud computing, for example, which has made organisations much more flexible and agile as employees can access data on-the-go and can collaborate far more easily. Cloud has also, however, opened up an array of vectors from which data can be hacked if it’s not properly secured. Companies have moved through the various phases of maturity, from blanket bans to sanctioned cloud services, arriving at the current ecosystem where cloud services are ubiquitous and have transformed the way business is done.
Cloud’s explosive trajectory from the fringe of emerging technology to a standard workplace tool offers powerful insights for the future of security and SaaS usage. These ten predictions based on emerging trends in cloud adoption and security should give global businesses an idea of what to expect in 2015 and beyond:
1. Cyber attacks are getting more complex, with more severe consequences. I expect two firsts this year: a major IoT hack and a ransomware attack on a cloud service
There were several colossal data breaches in 2014, but the scale and gravity of cyber attacks will continue to rise in 2015. With confidential data being stored in and sent to more destinations than ever, hackers will target cloud services, IoT devices, and infrastructure in record numbers. Indeed, 2015 could be the year we witness the first major Internet of Things hack and ransomware attack on a cloud service.
2. ‘The year of the enterprise’: Consumer cloud services are shifting their attention to businesses
2014 was the ‘year of the user,’ but don’t expect consumer tech companies to continue to ignore growing business opportunities. 2015 will be the ‘year of the enterprise’ as consumer cloud services make a more determined effort to penetrate the enterprise in search of revenue and profits. Employees lead the way when it comes to cloud adoption and have already created significant demand for enterprise versions of consumer applications. In 2015, we’ll start to see more and more cloud service providers joining the likes of Facebook and Dropbox in offering new and improved enterprise services.
3. Data management is turning its attention to cloud systems as they gain in legitimacy and importance
There is no denying that SaaS applications have become integral to day-to-day business. As mobile-first applications have proliferated and the ease of connecting to SaaS applications has improved, a rapid sprawl of corporate data across cloud services has appeared. 2015 will see the rebirth of data management, but this time for the distributed data across cloud services, as enterprises seek to proactively manage their corporate data from a security, compliance and governance perspective.
4. Big data and security are coming together as the traditional security analyst is becoming the new data scientist
With cyber attacks on the rise, big data will continue to come to the rescue of security in 2015 and, consequently, the traditional security analyst will become a data scientist. Security teams are increasingly reliant on big data analytics to identify attacks and protect corporate assets, with advancements in machine learning giving security teams the firepower required to monitor attempts at infection and data exfiltration. As such, this year could be an excellent time for people who see themselves as number crunchers to consider a career in cybersecurity.
5. The transition from data centres to public IaaS is reaching a tipping point
Companies are aware of benefits in productivity, agility, and collaboration that cloud services offer, but have until now stuck to the private data centre path. Organisations are becoming less reluctant to public cloud computing platforms, however, and this is due to a number of factors. Firstly, there has been huge improvement in the auditing and visibility of cloud services. Secondly, the security and administrative controls from enterprise-ready IaaS providers – such as Amazon, Good and Microsoft – have improved. In fact, in some cases the IaaS providers have been considered to have better security investments than private data centres. Finally, there has been a huge acceleration of cyber attacks, which has undoubtedly brought the security of data centres into question.
6. CEO + CISO = BFFs
Security breaches are no longer the sole responsibility of the CISO, with the Target fallout proving that CEOs are also being held accountable. Indeed, expect CEOs to develop closer and better working relationships with the CISO in the next twelve months. Whether it’s in negotiating security budgets, managing risk, or briefing the board of directors – I’d go so far as to say that the two will be increasingly joined at the hip in many global organisations over the course of this year.
7. Device security is finally giving way to data security
Employees want to work without hindrance, making BYOD a phenomenon that’s here to stay. While devices are continually changing and receiving upgrades, corporate data has much more longevity. As this data is more frequently stored and accessed through the cloud, employees only need an internet connection to access the data, rather than local storage. A consequence, however, is that this puts the onus on data security, rather than device security. It was a long time coming, but companies are finally shifting their focus from securing endpoint devices to securing data on its way to and from the cloud, as well as when it’s stored in the cloud, all while ensuring a seamless user experience.
8. The number of cloud services that satisfy proposed EU regulations is increasing, slowly
The vast majority of cloud services remain in violation of the EU Data Protection Directive requirements. Whether it’s the right to be forgotten, breach notification, or data residency, most cloud service providers are hard-pressed to comply with the proposed requirements. That said, we are seeing some improvements in 2015, and we hope at least some services get their ducks in a row.
9. Businesses are starting to accept that shadow IT is just IT
It’s time that shadow IT lost the pejorative. Businesses are coming to terms with a new definition of shadow IT: tools employees need that the IT organisation is not providing. This marks one small step for the worker who already uses cloud services to get his or her job done, but one giant leap for the cloud economy.
10. Cloud services win the security debate over on-premise apps
I expect 2015 to be the year that cloud services finally win the security debate over on-premise apps. We’ll start to see more and more organisations move their data ‘crown jewels’ to the cloud in recognition of the robust security capabilities from enterprise-ready cloud services such as Workday, Salesforce, and ServiceNow. In the past, companies have ignored the unrivalled investment in security from top tier cloud providers and third-party cloud security vendors, but this game will be over shortly, with cloud becoming the victor.
