Cloud Security Prospects for 2015

by [Published on 26 March 2015 / Last Updated on 26 March 2015]

In this article will consider the likely advancements we should see in cloud security through this year.

Cloud security continues to develop as the adoption of cloud technologies readily expand globally. Cloud security has come a long way from the initial beginnings, a few years back, users and organisations are more confident of the security offered in the cloud and a lot of providers of cloud technologies are now easily able to offer a level of security that many organisations would find challenging to achieve internally.

Introduction

Security remains a focal point for all, even more so as the times depict that organisations rely increasingly on placing their trust in others, in a world where doing this is becoming difficult to do and probably the opposite of what many feel they should be doing. We are a society that would prefer to rely only on us and are not trusting of others but the cloud works in the opposite manner.

Surveillance and breaches evident and certain for 2015 and the years ahead, not doing a lot to develop organisation confidence, security is even more an urgency.

A draw back or the default reason for not adopting the cloud has mostly been due to security discrepancies, however cloud security has drastically improved as the technologies have matured. Although cloud security will always be an area to challenge and there will always be room for improvement especially as new risk areas surface. The security afforded to cloud and its technologies is improving.

The substantial adoption and expanse of cloud computing has accelerated the need for cloud security and the focus on securing the cloud has brought about great advancements.

The demand for a secure cloud and secure cloud services has ensured that the pertinent work needed has and is being undertaken and is continuing to be viewed as an area of priority.

10 Likely Cloud Security Progressions for 2015

  1. Rise in cloud-based security services

The requirement for security in the cloud will continue to be a priority area. Organisations’ further awareness of the need for security and the increasing evident risk will force an increase in cloud-based security services.

It is predicted that security services will rise by over 30%, with emphasis on areas including email security, web security and identity and access management (IAM), three cloud-based security services that will accelerate in 2015. Services such as tokenisation, encryption, SIEM, IAM, vulnerability assessment and web application firewalls will be services that will prove to be increasingly prevalent in the cloud.

The adoption of cloud-based platforms and services is encouraging organisations to explore cloud-based security solutions that work effortlessly with their existing solutions.

More providers will offer security management solutions, managed security services (MSS), as an outcome of the increased need for the cloud-based security requirement.

Mitigation and prevention of threats will prove critical for cloud application and infrastructure.

  1. Security-as-a-service will increase in popularity

Organisations will explore Security-as-a-service as a solution to effectively secure their heavily cloud-based infrastructure and functioning. Increased knowledge and confidence in SaaS solutions and BYOD, very much the way organisations undertake their business function today, another reason organisations will consider this security option.

Security-as-a-service adoption will increase as the demand for cloud-based security options heighten. More focused security solutions will be developed to handle specific security controls for cloud-based IT concerns.

Securing the cloud shows a shift from the traditional ways of securing our infrastructure (server and network security) and data. Security is focused now on a resource and service level rather than the broader perimeter. Security controls will continue to focus on the resource and service, which should improve the achievable security flexibility.

  1. Importance of cloud security monitoring and mitigation

Security monitoring, defences and mitigation techniques need to become more automated to thwart the more sophisticated and automated attacks. Organisations defences need to evolve alongside the attacks if they are to succeed in effective mitigation and control. Attacks are more focused and instant so detections months later will not suffice…the attack and destruction will be old news and you will only be left with the aftermath.

  1. Cloud is more secure than many internal networks

Already many organisations are finding that the security that they are provisioning through a cloud-based solution and cloud provider’s infrastructure is far superior to the security they can achieve internally. This will continue to be the paradigm and will become the norm.

The threat vector is continually changing and at an alarming speed, for organisations themselves to internally secure against these threats effectively is impractical and foolish to even contemplate. Whereas the cloud provider has the resources and knowledge needed to undertake a large segment of the security responsibility more effectively.

Appropriate security is essential for organisations to meet and maintain compliance and legal regulation and not only for threat prevention.

  1. Privacy and security is an amplified focal point as organisations place more critical data in the cloud (SaaS)

Privacy is a concern for organisations in jurisdictions where data protection requirements are rigorous. The requirement for privacy guarantee will only become greater as the type of data flowing through the cloud becomes more important to organisations. Emphasis on maintaining privacy of the data in the cloud will be an area of focus.

  1. Shift of data types processed and stored in the cloud

Additional data (intellectual property etc.) that is of pronounced value to the organisation will be placed in the cloud. This shift of data type (no longer only customer data or less sensitive data) will require toughened security to avoid compromise that could be particularly damaging to the organisation.

The hybrid cloud is still a valid alternative and widely used by organisations still opting to keep their more sensitive data private and onsite, yet still attaining the advantages of the public cloud as well.

The realisation that the security capabilities afforded by the cloud certainly outshine those on premise will drive this shift.

  1. Data locations, cloud surveillance and residency laws

Surveillance is becoming commonplace and the more surveillance of data is encouraged and undertaken the more convoluted and limiting data laws will become. Further drive for tokenisation and data protection solutions will be encouraged and adopted to protect cloud data.

Organisations will be more demanding concerning where their cloud data resides for this reason. Further data location guarantees will be necessitated.

  1. Encryption solutions on the rise

More cloud-based encryption solutions will become available. These solutions will accommodate deployment for both cloud and on premise security options. 

Encryption and access control solutions will become anticipated as a given. The provider will offer this, a basic as well as advanced solution, as a form of gaining further user/organisation trust of security within their cloud environment.

The encryption solutions will follow the movement where the customer, for increased security, holds the keys. This capability will be expected by organisations.

  1. Content and apps will bypass the desktop and be exclusive to mobile devices

The data on these devices needs to be properly secured but also the data in the cloud, as majority of mobile device content and applications are stored in the cloud.

Content and apps are now being created with mobile devices in mind and specifically for mobile devices; desktops are not part of the consideration. Thus the way this data, likely to be stored in the cloud, is secured is important.

  1. Breaches are inevitable, breach insurance becomes a necessity

Breaches are a certainty, with the vast amount of critical data being stored and processed in the cloud; it is more than likely to occur and more often than we may like to admit.

It’s important to have systems and procedures in place to prevent attack as well as to recover from attack if the unfortunate incident of a breach occurs.

The data stored and processed in the cloud is becoming data of greater importance and the requirement for organisations to ensure that they are sufficiently covered if a breach were to occur is fundamental. The uptake of cyber insurance in one form or another will become more commonplace. Many underwriters are declining to operate in the cyber market but this is an obvious gap that some innovative company will soon exploit.

Conclusion

The above reasons are some that will ensure that cloud security progresses in 2015 onwards.

As economies of scale, service level commitments and security visibility and controls become more commonly available and improved, the cloud services offered by cloud providers must show enhanced security.

The advancements in securing the cloud will support organisations to better manage the potential cloud-based risks that they are confronted with in the new IT realm.

The silver lining is that cloud security is definitely on the up and up and although a breach may be inevitable (it will not take us by surprise), we are better equip and advancing in the right direction for securing the cloud.

See Also


The Author — Ricky M. & Monique L. Magalhaes

Ricky M. & Monique L. Magalhaes avatar

Ricky M Magalhaes is an International Information Security architect, working with a myriad of high profile organizations. Monique is an international security researcher, she holds a BSc Degree (Cum Laude). Previously she has focussed on research and development at leading enterprises in the Southern hemisphere.