security-info

The Cloud In 2015: Eight Trends To Look For

The Cloud In 2015

For organizations of all sizes, in 2014 the cloud emerged as a critical part of the default consideration set when implementing any new application – in large part due to the cloud’s proven ability to handle data storage and processing demands in an elastic manner, improved verifiable standards around data security and service reliability, and lower overall total-cost-of-ownership.

As we move into the New Year, below are eight big-picture trends in cloud computing for 2015.

preditions

1. Forecast

Cloudy days ahead. Despite the continued incidence of cyber threats and attacks – including the latest against Sony – the market remains optimistic towards the cloud, especially as companies grow and economies scale. Applications spanning HR, sales automation, and governance, risk and compliance (GRC) will become even more widely adopted in the cloud in 2015, a view shared by independent technology and market research company Forrester Research. There is a robust and rapidly growing cloud subscription market, and organizations are continuing to take advantage of pay-as-you-go models, a new norm in the cloud world.

2. Flight to safety

Organizations are continuing to put more and more data in the cloud. With so much critical and sensitive data all in one place, comes increased risk. Some still remain skeptical as to whether existing cloud safeguards are adequate and sufficient. But rest assured – in 2015, we will see unprecedented resources and brainpower used to further strengthen and secure the cloud. While we may see more cyber threats and successful attacks, we will also see the industry rally in response, united by its mission to build bulletproof organizations, and with it, bulletproof clouds.

3. Information security a top concern

security-network

Big cloud and data storage players such as Amazon and IBM have thought about information security from the ground up. This includes everything from the staff, training programs, tools and processes that are needed to run truly world-class cloud and data storage centers. Today, strong information security programs are paramount for every organization and every industry, but even more so for banks and financial services institutions who face increasingly stringent compliance requirements and scrutiny from the regulators. Banks and financial services institutions have led the way when it comes to building out centers of information security excellence, and they are well on their way to ensure that all of the proactive and remedial measures are in place to protect against information security threats today and into the future. We will see similar stringent norms being adopted by other industries too, particularly those with large exposures to customer data and multiple customer touch points. The usage and integration of newer technology trends such as mobility, big data and real-time computing will also be brought into the information security paradigm in order to make it more robust and fool proof.

4. Greater need for industry standards

Broadly speaking, there are insufficient industry standards when it comes to baseline information security. In large part, across industries, everything remains fragmented, and organizations are focused on issues of the moment, such as information leaks, or privacy breaches, rather than bigger picture risks. We need to see organizations and industries get past their current challenges and think more proactively about the future. Cloud vendors, in particular, have realized the need for greater industry standardization when it comes to information security, and the Cloud Security Alliance, and ISO will likely spearhead continued developments in this regard.

5. Information security reviews will become more like audits

It’s a short step from a review to an audit. IT organizations will continue to ask, on a more frequent basis, for a review of their cloud accounts, what information security incidents have occurred, and how they were addressed. Similar to an audit, handling information security incidents requires visibility and transparency. Let’s say a company has put its entire Enterprise Resource Planning (ERP) in the cloud. Each known information security risk for each operation must be classified by its criticality, which then drives the frequency of the review. There will also be more frequent and random spot checks, just like audits. The IT organization will be on the sharp lookout to ensure their cloud providers are able to proactively identify, assess and mitigate risks.

6. Greater scrutiny on access controls

Currently, cloud providers offer a set of accounts to a company, who then distributes the accounts to its employees. Companies are increasingly asking their cloud providers for more data about their cloud accounts, such as who is using these accounts, and in what capacity. Due to several recent high-profile cases, we will continue to see greater scrutiny around which employees have access to these cloud accounts. Critical questions are also being asked, such as: if an employee is no longer with the company, either through termination or change of roles, whose responsibility is it to ensure their account is immediately terminated? In 2015, we will see more robust segregation of duties, greater assurance regarding the rights to use an application in the cloud, as well as new restrictions around employee access to data and applications operating on a “need to know” basis. We will also see more real-time access management, dynamic rights allocations and revocations, and other such features playing a bigger role to ensure the sacrosanct of information.

7. Hacker robots

hacker-robots

Automatic robots are continually testing applications for availability and performance. In the same way, once security testing is added to the robots’ protocol, this becomes an important new metric for management, who are asking for trending heat maps with green, yellow and red assurances for security, just like they are used to seeing for availability or performance. In 2015, automation will continue to change how we test for information security — testing that was previously done on an ad hoc basis will become more systematic and automatic. “Pen testing” (penetration testing), which consists of programming a hacker to break into an application, is done infrequently, but I predict there will be more automated frameworks to “hack my app” in the coming year. The most sophisticated and security-aware companies will want to frequently bombard their cloud systems, and they will ask for contractual agreements that permit ongoing and real-time information security testing.

8. A whole new C-Suite

Mobility, cloud computing, social media and Big Data have become central to a company’s competitive advantage. As such, we will continue to see greater prominence of organizational positions that are related to and connected with the organization’s data. More and more companies are creating a Chief Data Officer role, with the actual title depending on the company and the industry. This position will work hand-in-hand with other key C-level roles, including the Chief Risk Officer, the Chief Compliance Officer, and the Chief Digital Officer.

(Image Source: Shutterstock)

By Vidya Phalke

Vidya Phalke

Vidya Phalke is responsible for MetricStream’s technical architecture and strategy. Prior to being promoted to the CTO position, Vidya served as Vice President of Product Management and Engineering where he was responsible for MetricStream’s Software Products and Platform Delivery. Starting with MetricStream in 2003, Vidya has been instrumental in developing an industry-leading GRC software platform. Before joining the software industry, Vidya earned a PhD in Computer Science from Rutgers University, where he won two Small Business Innovation Research grants for his research on databases and network optimization.

CONTRIBUTORS

What Futuristic Transportation Will Look Like In Your Lifetime

What Futuristic Transportation Will Look Like In Your Lifetime

Futuristic Transportation Being stuck in traffic or late for work because of a hold up on the dreaded commute could ...
Cloud-Based or On-Premise ERP Deployment? Find Out

Cloud-Based or On-Premise ERP Deployment? Find Out

ERP Deployment You know how ERP deployment can improve processes within your supply chain, and the things to keep in ...
Bryan Doerr

Cyber-Threats and the Need for Secure Industrial Control Systems

Secure Industrial Control Systems (ICS) Industrial Control Systems (ICS) tend to be “out of sight, out of mind.” These systems ...
What You Need To Know About Choosing A Cloud Service Provider

What You Need To Know About Choosing A Cloud Service Provider

Selecting The Right Cloud Services Provider How to find the right partner for cloud adoption on an enterprise scale The ...
The Good, Bad, and Downright Ugly Takeaways from WikiLeaks’ Vault 7

The Good, Bad, and Downright Ugly Takeaways from WikiLeaks’ Vault 7

WikiLeaks’ Vault 7 If you haven’t heard of the Vault 7 WikiLeaks data dump, you’ve probably been living under a ...
Battle of the Clouds: Multi-Instance vs. Multi-Tenant Architecture

Battle of the Clouds: Multi-Instance vs. Multi-Tenant Architecture

Multi-Instance vs. Multi-Tenant Architecture  The cloud is part of everything we do. It’s always there backing up our data, pictures, ...
Financial Management Finds a Welcome Home in the Cloud

Financial Management Finds a Welcome Home in the Cloud

Cloud Based Financial Management The most cautious person in any organization is likely to be the CFO. After all, they’re ...
Digital Transformation: Not Just For Large Enterprises Anymore

Digital Transformation: Not Just For Large Enterprises Anymore

Digital Transformation Digital transformation is the acceleration of business activities, processes, and operational models to fully embrace the changes and ...
The Rise Of BI Data And How To Use It Effectively

The Rise Of BI Data And How To Use It Effectively

The Rise of BI Data Every few years, a new concept or technological development is introduced that drastically improves the ...
Why ‘Data Hoarding’ Increases Cybersecurity Risk

Why ‘Data Hoarding’ Increases Cybersecurity Risk

Data Hoarding The proliferation of data and constant growth of content saved on premise, in cloud storage, or a non-integrated ...

NEWS

email as a service

Google Data Analysis, Artificial Intelligence and Predicting Vaccine Scares

Social media trends can predict tipping points in vaccine scares Analyzing trends on Twitter and Google can help predict vaccine ...
Hackers shut down infrastructure safety system in attack: FireEye

Hackers shut down infrastructure safety system in attack: FireEye

Hackers shut down infrastructure safety system (Reuters) - Hackers likely working for a nation-state recently penetrated the safety system of ...
Deloitte TMT Predictions: Machine Learning Deployments, On-Demand Content and Live Events Will Continue to Drive Growth

Deloitte TMT Predictions: Machine Learning Deployments, On-Demand Content and Live Events Will Continue to Drive Growth

NEW YORK, Dec. 12, 2017 /PRNewswire/ -- Deloitte forecasts double digital growth in machine learning deployments for the enterprise, an increasing worldwide ...