Cloud Security in 2016: Predictions from Security Leaders
Predictions from Security Leaders
Encryption of data at rest will evolve to address the objects rather
than where the objects are stored. As sensitive data moves between
applications, some hosted on-premises and some in the cloud,
blindly encrypting entire repositories of data will become unfeasible
for business requirements. Companies will rely on automated,
intelligent policy enforcement that encrypts only the most sensitive
data to comply with security and regulatory requirements.
Jim Routh, CSO
The return of end point security: new tools will examine behavior
versus signatures. This new method will lead to faster detection
without increasing the infrastructure requirements for these controls
— many of which will be based in the cloud and allow for 24x7
coverage versus the 9 to 5 on your network for incident detection.
Richard Rushing, CISO
The battle to keep data within the corporate perimeter will evolve
into the challenge to allow data to travel securely wherever it is
needed. IT security is under pressure to align with business initiatives.
As companies gather data and transition to digital business models,
security teams need to prioritize making data available for business
units: on mobile devices, across departments, and within cloud-based
applications. Departments who pull this off deliver a competitive
advantage for their organization.
Brian Lillie, CIO
There is still a challenge for some organizations with establishing
trust between the cloud provider and organizations with confidential
or proprietary information. Security is becoming better integrated
into cloud services and is being highlighted as a feature of the
standard services provided. Cloud providers will develop automated
methods of obtaining data needed to support assurance. Additionally,
encryption techniques and services are being developed to allow the
needed separation of duties — paving the way for cloud adoption
even for companies that have critical information.
Mike Watson, CISO
State of Virginia
In 2016, the biggest challenge for cloud-based companies will be
to leverage privacy in their business models, as the Safe-Harbor
invalidation by EU will trigger new incentives, not only for European
companies, but globally. Digital trust will certainly be the most
important trend and a business enabler if branded efficiently.
Proactive data asset management is becoming fundamental, to keep
real-time inventory of where, how and by which company corporate
information is handled. Failing to do so is simply accepting the risk
of data loss.
Bruno Kerouanton, CISO
Canton of Jura, Switzerland
As for my own predictions, I believe 2016 will usher in a new age
in the cloud economy, which will bring a new set of challenges for
companies. They will start to worry less about whether their cloud
provider will be breached, and more about whether employee error or
stolen passwords will lead to a breach. The majority of cloud incidents
in 2016 will come from employee insiders, whether through error or
malicious intent. Security budgets will adapt to reflect the maturity of
cloud adoption, as companies pay off cloud security debt. According
to Gartner, companies currently allocate just 3.8 percent of cloud
spending to security, compared to 11 percent from overall IT budgets.
Finally, I think 2016 will shutter the approach to simply block or
eliminate cloud services. Risk to data in the cloud is contextual, and
security policies will evolve accordingly.
Rajiv Gupta, CEO