Trending / December 14, 2016

Top 10 Cloud and Security Predictions for 2017

In the coming year, I think we’ll see a number of significant changes with respect to both the public cloud and information security and, thus, would like to offer five predictions for each space.

Top Five Public Cloud Predictions

  1. SaaS will be first choice. People have been talking “cloud” for years. Moving forward, however, I think the conversation is set to become more structured, more specific. As organizations increasingly begin to differentiate Software as a Service (SaaS) from Infrastructure as a Service (IaaS), I foresee SaaS picking up the most steam in 2017. In fact, I think the SaaS space is going to explode with more and more providers offering a larger variety of applications. Enterprises will first look to “SaaS-ify” their on-premise applications and, if unable to do so, will then turn to IaaS, failing which they will fall back to the private cloud.
  1. Network visibility to aid the shift. Traditionally, the move to the public cloud—and IaaS, specifically—was hampered by security considerations and perhaps a lack of equivalent security and monitoring solutions as in the on-premise world. That’s changing today—catalyzed in large part, I believe, by a new generation of visibility tools coming online that enable greater transparency into and security of data-in-motion. This will push organizations to accelerate their plans to take advantage of the elasticity and agility that IaaS offers.
  1. “Crown jewels” in the cloud. Enterprises will also increasingly move beyond using the public cloud solely for test/dev or burst capacity purposes. And again, because they want to benefit from the elasticity and the capacity on demand the cloud has to offer, they will now be looking to leverage IaaS for hosting always-on, mission-critical, Tier-1 applications—aka the crown jewels.
  1. Even more data breaches. Moving the crown jewels into the cloud is a big shift. Unfortunately, it follows that as the data value increases so, too, will attackers’ efforts to gain access to that more lucrative, mission-critical or client-specific information. Enterprises will become subject to more targeted attacks and the number of breaches will rise. On the plus side, I think 2017 will see organizations making cloud security a higher priority, migrating their security platform and tools in parallel with their critical applications.
  1. Amazon and Azure to stay on top. I see an oligopoly in the near future—with Amazon and Azure cementing their roles as the leading IaaS solution providers; IBM and Google becoming secondary IaaS players; and Oracle emerging as a key player in the Platform as a Service (PaaS) space. The remaining players . . . will fade away.

Top Five Information Security Predictions

  1. Security of IoT will become a life-threatening issue. The IoT devices coming online today range from heart-rate monitors to insulin pumps to automobiles. Think about the potentially life-threatening challenges that can arise—especially when device security has most often been an afterthought. The whole model needs reversing—with security as the top priority.
  1. Increased regulation. There will be a massive push for increased industry regulation around the security of IoT devices—a problem that will not be solved by asking software vendors to write more secure code. And while I do not believe regulation will come about in 2017, I think the call to regulate will rise significantly.
  1. Shift in security responsibility. Service providers have historically taken a relatively agnostic view towards security. But as part of the push toward regulation, they will be forced to take a more active role—especially as they are in the best position to do something about security in the world of IoT, and will likely soon be regulated to do so.
  1. Security workflow automation. In the coming year, the volume of online attacks will outpace the human capacity to address them. As a result, security workflow automation” will become a new mantra, with organizations clamoring for the ability to eliminate the need for manual intervention to secure systems.
  1. The role of nation states in cyber warfare will change and grow. In a world that’s been dominated by traditional military might, cyber may become a great equalizing force. Smaller nation states, in particular, will take a more active role, investing in building cyber warfare and intelligence capabilities. No longer does it require a huge army to knock out a national power grid or inflict significant physical damage.

Originally published in SecurityWeek – Infosec Island

Back to top