Cloud Security 2016 – Key Takeaways
In the past few years, cloud computing – the paradigm where computing resources are offered as a utility, became one of the biggest buzz words in the IT sector. Low costs, faster time-to-value and the flexibility provided by on-demand cloud solutions easily lured big IT players into embracing the new trend. The cloud not only reduces capital expenditures but also frees up time for IT teams as they no longer have to dwell on hardware deployment and maintenance as they used before. In some cases they don’t have to worry at all as serverless cloud solutions such as AWS Lambda give the chance to manage a cloud without having to think about capacity, logging, updates or scaling while paying as-you-go.
This huge shift is still ongoing and is expected to persist for the next few years. However, along with all the benefits in place, the major pain point for IT executives remains the cloud security concern. As IT operations move to the cloud so does their security and IT teams are no longer in control of the endpoints making the cloud the only security front. According to a survey conducted by RightScale.com, among the top security challenges is the lack of resources and expertise in migrating to cloud environment.
So, in order to shed more light on the “cloudified” aspects of security within the shift to the cloud that is going on, we listed some key takeaways for cloud security in 2016.
Tools Are Essential For A Safe Migration to the Cloud
The larger the online asset the harder it gets to migrate it to the cloud. While for SMBs it just a hassle that in most cases gets dealt with easily, big multi-national companies owning thousands of apps, hundreds of thousands of servers and petabytes of storage require efficient tools to help with their migration in order to maintain a high level of efficiency, reliability and security across their global business platforms.
According to a recent blogpost by Dyn, enterprises will look for internet performance tools to help manage their transition to the cloud and here are the 4 main reasons to why it is so:
- Risk Mitigation – While enhancing security in the cloud is a component of risk management, mitigating risk from routine maintenance and human error, latencies or network volatility must be a top priority. Internet Performance Management (IPM) tools will be essential to allow System Administrators real-time visibility, insight and control into internal and external assets in order to minimize and stay on top of potential risks and threats.
- Infrastructure Elasticity Management – IPM tools will be essential for CIOs that will be looking to gather insights on a global level. They will be crucial for optimizing spend (peak cloud rates around the world) but also to optimize performance in terms of controlling load (usage and performance vary with time zones and geography).
- Security Enhancement – Security issues become growing nuances as workflows are rapidly transitioning to the cloud and are resting between data centers and external cloud resources. With remote or mobile employees and partners distributed globally cloud security becomes even more critical. Tools that offer comprehensive monitoring and managing solutions as well as anomaly-alerting features from a single dashboard are tagged as essential for efficient cloud migration.
- Repathing Optimization – A large network infrastructure with servers, data centers and interconnected systems is impossible to scan for performance stats without tools that allow for system transparency. It’s why IPM tools will be necessary for System Administrators and other execs. They will provide visibility into system paths and enable for full optimization procedures in order to ultimately add value across an enterprise global presence.
The Need for Cloud Provider Cooperation
The cloud market landscape has proven to be a highly competitive one which makes it more complicated to collaborate with competitors. The drive to excel can ultimately end up countering cloud consumer interests. If we take a step back and take a look at the big picture it’s clear that consumers confidence will increase if they see that cloud providers are cooperating on important issues and pushing towards a “greater good” such as a safe cloud environment. A substantial market growth is sure to follow right after an increase in overall consumer confidence.
“The State of Cloud Security 2016” report by the Cloud Security Alliance detected four major areas that are essential for overcoming cooperation obstacles:
- Threat intelligence and incident sharing
- Transparency on verifiable controls with strong integrity checks
- Standards development on common security requirements
- Support for multi-vendor enterprise architectures to assure interoperability, data portability and vendor lock-in avoidance
It is clear that cloud providers are to invest major efforts on cooperating within the market to achieve a greater level of trust in the industry as well as to accelerate development, deployment and standardization of security solutions.
Bumps in Syncing National and Industry Regulations
There are tons of laws and regulations that impact the topic of information security and they vary from industry to industry and state to state. They often intersect and end up overcomplicating international business efforts. While the cloud market has evolved quickly in the last years, its regulations are falling back and need to be revised and/or updated in order to best meet the industry and its consumers requirements. Coping with compliance is an essential part of the landscape, however it can be improved. In order to do so, it’s necessary to clearly outline the main issues:
- Rapid technology changes quickly make policies outdated
- Duplicate nature of many regulations
- Conflicting regulations
- Global nature of enterprises and cloud providers often collide with regional regulatory authorities
- Knowledge gaps for regulators and auditors when addressing cloud computing
Regulatory authorities could leverage existing regulations and standards by implementing mutual recognition schemes and similar procedures which can then open new possibilities as well as set the field for the much needed level of standardized assurance. The rapid and elastic nature of the cloud requires the regulatory environment to re-think its methods of compliance monitoring to follow real-time activities much in contrast to the “legacy method” best described as a static snapshot type of compliance monitoring. In order to enable the cloud industry to further evolve, a tailored and continuous compliance monitoring method that best suits the cloud services being consumed.
On the other hand, the cloud industry needs to engage and collaborate with policy makers and regulatory bodies to help them better understand the cloud environment, its risks and security solutions.
A Gap in Cloud Security Skills
It appears that the biggest hurdle to stopping cloud security incidents is not a limitation of technology or budgeting; it comes down to a human resources factor. Companies are hiring IT security professionals at a faster rate that the market can educate and train professionals. Ultimately it comes down to companies struggling to bring in skilled employees to handle their security technology.
Several studies claim there are over one million vacant cybersecurity positions with the lack of qualified applicants being the main reason for the gap. Also, for employed security professionals, it is challenging to keep their skillset up to date with the industry as it rapidly evolves mainly due to cloud implications. The cybersecurity education ecosystem needs to be expanded in order to open new opportunities for today’s and future security industry professionals with a particular focus on cloud technologies.
The Trillion Dollar Transition is Far From Over
Many experts firmly believe that the big shift to the cloud we are witnessing will be one of the most impactful technology trends of our generation. 2017 is expected to be another “year of the cloud” and CIOs will surely be pushing for cloud migration.
On of the most relevant industry studies sponsored by Intel claims 80% of all IT expenditures in the next 18 months (starting from 2017) will be directed to the cloud.
“This is a new era for cloud providers. We are at the tipping point of investment and adoption.”
Raj Samani, CTO at Intel Security
The cloud is definitely taking over the IT world. However, as said earlier, security is the main concern. But things are improving, the study found that 77% of respondents trust cloud solutions more than they did a year ago. On the other hand, compliance issues where a big concern with cloud for 72% of the surveyed IT executives.
The Intel study also found a worrying fact. Many execs weren’t even sure on whether their companies did store sensitive information in the cloud, with a significant 14% being oblivious on the matter. While IT executives perceive potential security issues, Intel found that they had little confidence in their bosses understanding the “security implications of the cloud”.
Another great issue mentioned in the release is shadow IT. It’s when employees and departments build out their own IT systems or use tools without official approval, which then ends up having a negative impact on keeping cloud services safe.
According to a report on cloud security released by Gartner, IT will spend a total of $114 billion on cloud services in 2016. And the numbers are expected to grow to $216 billion in 2020. That means the impact of this shift will amount to a total of $1 trillion over the course of the next five years. Although massive, the shift will still leave on-premises IT spending predominant for several years with cloud spending representing 24% of IT budgets by 2020.
What’s In It For You
The IT spend in the cloud is greater for some companies, particularly young companies and startups. The expansion of cloud IT services is creating a new generation of startups and cloud-based providers which opens a plethora of new products and opportunities.
In the upcoming years, it will be ITs responsibility to detect organization’s risks and opportunities among cloud service providers and then to capitalize on them. Among other things, IT managers will be expected to pick and manage vendor relationships as much as they do with internal staff.
Here are some key suggestions for when dealing with cloud security for your business:
- Ask the right questions – due diligence is critical when looking for a cloud provider
- Understand different types of clouds and your role
- Legacy tools and architectures don’t work on cloud security issues
- Heavy-handed blocking of cloud services backfires on information security
- Intermediaries have a key role in efficient cloud solution deployment
- Look for automation when scaling in the cloud
As more companies embrace the cloud, more security tools, software and products are set to arise. They will mostly look to help cloud users protect data and meet cloud related compliance regulations. Also, security options and tools offered by cloud providers will definitely mature and grow inline with the market’s security needs.
If you are looking for a painless transition to the cloud or best cloud security solutions, feel free to contact our experts at GlobalDots and get the best there is from the cloud.