Cloud security in 2014: Automation and consolidation
Eric Chiu, president and co-founder of HyTrust, predicts that in 2014:
1. Organizations will discover the importance of BYOS for public cloud. Given the recent disclosures about government access to cloud service provider networks, we’ll see further investment in key management systems that allow organizations to keep control of their encryption keys themselves vs. entrusting that critical security measure to the same vendor that holds their data.
2. Cloud security automation will ramp up. Organizations will drive for greater automation and orchestration of security in the cloud and seek vendors that can secure both private and public cloud environments.
3. Policy will become a main focus. Cloud environments are dynamic and workloads are mobile (even between cloud providers). Automated security based on embedded workload policy will be critical for the next stage of cloud adoption.
4. It will no longer be private or public cloud. Companies will implement a combined private and public cloud strategy to offer freedom of choice to business units. However, data security and governance will become paramount to enabling this journey. And encrypting all workloads in the cloud will become a default requirement.
5. Consolidation will continue. Organizations will look to buy more solutions from a single vendor and demand greater integration between solutions to automate security. In addition, the fact that securing cloud environments is very different from securing traditional physical environments will drive greater consolidation in the market.
6. Private cloud will develop into two camps. There will be two different primary buyers of private cloud infrastructure: “Out-of-the-box” customers that will buy pre-built, pre-integrated solutions on converged infrastructure platforms and customers that want to build their own using open source components.
7. Companies will look to automate governance in the cloud. The internal corporate governance process is typically cumbersome and involves multiple reviews by different groups, which erodes the agility that cloud enables. Agility will be the driver in 2014 to automate these governance processes.
8. Insider threats will continue to be the number one cause of breaches. Access controls, role-based monitoring and the “two-man rule” will become key requirements in the cloud to prevent major breaches and datacenter failures.
9. Data center consolidation will become the new driver for private cloud computing to enable even greater efficiencies and cost savings. Next-generation data center architectures will require logical infrastructure segmentation (rather than physical air-gapping) to enable multi-tenant private clouds.
10. Companies will look to pilot and implement software-defined networking as the next step in their virtualization journey. Software-defined infrastructure will put greater focus on securing the management plane given the greater concentration of risk and potential for catastrophic failure.