This is the third in our series of cybersecurity predictions for 2016. Stay tuned for more through the end of the year.
Here are three ways to think about public cloud security as we head into 2016.
“Cloud First” Will Acclerate Public Cloud Adoption
I believe that customers have concluded that the public cloud is ready to support their business requirements and they have accepted — and hopefully understand — the shared security model for protecting their applications and data. With that in mind, I predict that 2016 will see a rapid acceleration of public cloud adoption, driven by an application development mindset that is geared towards cloud first and cloud native. Cloud first and cloud native means that the applications are developed with the agility, scalability, and resiliency of the public cloud in mind; and using (reusing) smaller components that are a combination of open-source and internally developed.
Public cloud initiative success may hinge upon security
Gartner predicts that by 2020, a staggering 95 percent of public cloud failures will be the customer’s fault. We can only hope this prediction never comes true. Undoubtedly, some of the public cloud failures will be the direct result of poor security, resulting in the loss of customer data. One could argue that security in the public cloud should be tighter than network security because the public cloud is more “exposed”, be it real or perceived. Traditional IT will be challenged to secure these assets as the architecture in public cloud evolves and increases in complexity, forcing them to look beyond the basic visibility and security features offered by the cloud providers. Enterprises should treat their public cloud deployment as a greenfield opportunity to implement the tightest security possible, encompassing better SOC tools for improved visibility and control over the applications, users and traffic across their various “cloud islands”.
Prevention alliances will expand beyond networking and security
Our interaction with customers has shown that public cloud projects are driven by groups that fall outside of traditionally-defined networking and security teams. Examples we have seen include Cloud, DevOps, Infrastructure, and Virtualization. As public cloud initiatives accelerate, the concept of security first will expand beyond the security team into the other groups, thereby expanding the working relationships and resources focused on the task of network and data protection. This particular prediction is critical to the protection of cloud-based apps and data and, possibly, the success of the public cloud deployments as a whole. In fact, many public (and private) cloud projects have been successful because of the close working relationship between security and cloud teams. In some cases, the groups have been combined under the same management “roof.” I expect to see more of that happening next year.