Vormetric Big Data and Cloud Security

Vormetric Blog

Subscribe to Vormetric Blog: eMailAlertsEmail Alerts
Get Vormetric Blog: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Related Topics: Cloud Computing, Security Journal, Secure Cloud Computing, Cloud Development Tools

Blog Feed Post

2015 Cloud Security Predictions By @Vormetric | @CloudExpo [#Cloud]

Still Cloudy with Security Definitely in the Forecast for 2015

As 2015 gets ready to roll in, I thought that it would be worthwhile to examine what to expect in the coming year. I’m spending lots of time these days with SaaS and IaaS/hosting, and managed service providers, and their direct enterprise customers who want to make best use of these environments – mainly in the North America and European markets. At Vormetric we’ve signed many cloud providers as partners this last year who recognize that cloud services and security are inseparably tied together for enterprises (see a partial list of our cloud partners here). Based on my conversations over the past few months, these are six of my key takeaways for 2015 cloud security predictions, as well as the threat environment that enterprises find themselves embroiled in today.

<ClickToTweet>: 2015 Cloud Security Predictions from @CJRad with @Vormetric http://bit.ly/1uxfGaC

1 – Cloud – Safer than your own network

In 2014, we saw AWS customers (especially in the small and mid-size segments) start to lay claim that they couldn’t make their own networks as secure as using Amazon’s EC2/S3 infrastructure services.  This trend will accelerate in 2015. Small and medium businesses usage of cloud applications will increase because they are unable to keep pace with the rate of change of attacks and threats, as well as resulting legal and compliance requirements.  Why? Mainly due to the cost and level of effort it would require to adequately protect against the myriad of data breach possibilities. They want to be experts in their businesses, not in IT Security, and their organizations don’t have the size and scale to justify in-house resources to do it themselves. As a result, they will rely partially on their service providers like Amazon Web Services. This doesn’t mean that these organizations are handing over all responsibility to Amazon. Amazon clearly states that security is a joint responsibility and spells out specific areas they will commit to versus end user responsibilities.

2 -Increased concerns with privacy and security in SaaS environments will result in big investments to safeguard enterprise data

With over 50% of enterprise application spending in 2014 going to SaaS, and the expectation that 2015 will be no different, and with sensitive data a large component of the information used and stored there, large organizations will open their coffers to increase spending on data security protections for SaaS environments. Protections used will include cloud gateways, tokenization and data masking solutions at a minimum.

3- SaaS providers that address this need will thrive.

Broadly speaking, SaaS providers that provide explicit security controls, as well as additional detail on data locations and written security commitments, will see their business increase at the expense of competitors who lag. This is the minimum bar for 2015. For forward thinking SaaS providers, 2015 is the timeframe to think through how they can provide additional and/or enhanced security services options to customers. One primary option that should be high on every SaaS provider list – encrypting customer data-at-rest using encryption keys held by customers.       If SaaS providers don’t have an answer for the ability to turn over encryption key custodianship to their end customers, either recommend a best-in-class solution or have this capability on the roadmap, SaaS providers can expect an exodus of customers starting in 2016 for the lack of this capability.

4 – Major cloud or SaaS provider data breach

To date, most cloud related breaches have been a result of the failure of the customer, not the cloud provider. But I view that as more of a fortunate circumstance than a real indication of risk. Someone will fail to connect the dots in the cloud world.  Increased threats, and the storage of large amounts of critical data create a large bulls-eye directly on some SaaS and Cloud environments.  A major cloud or SaaS application provider will be breached, compromising its financial position and resulting in major customer churn.

5 – All serious IaaS/hosting/managed service providers will offer an encryption and access control service to customers

As the bar continues to be raised for cloud services to earn the trust of enterprise business, service provider vendors of all types will offer a baseline and advanced security service set to enterprise customers for data protection within their environments. Those who don’t risk market share and growth erosion from those who do.

6 – Hosted Private Cloud will take over from in-house private clouds as the preferred private cloud deployment model

As economies of scale, service level commitments and security visibility and controls become more widely available from cloud providers, enterprises will increasingly favor hosted private cloud environments that offer the best of both worlds – the scalability available from public cloud coupled with the increased security required for enterprise data protection and operation.

Defending your data in the cloud with Vormetric?  Have a different perspective on 2015 cloud security? Let us know if you have any feedback.  I can be reached at [email protected] or twitter @cjrad.

The post 2015 Cloud Security Predictions – Still Cloudy with Security Definitely in the Forecast for 2015 appeared first on Data Security Blog | Vormetric.

Read the original blog entry...

More Stories By Vormetric Blog

Vormetric (@Vormetric) is the industry leader in data security solutions that span physical, big data and cloud environments. Data is the new currency and Vormetric helps over 1400 customers, including 17 of the Fortune 30 and many of the world’s most security conscious government organizations, to meet compliance requirements and protect what matters — their sensitive data — from both internal and external threats. The company’s scalable Vormetric Data Security Platform protects any file, any database and any application’s data —anywhere it resides — with a high performance, market-leading data security platform that incorporates application transparent encryption, privileged user access controls, automation and security intelligence.