Stan Lowe, CISO, Zscaler

Global governments will look to the private sector to help with securing cloud apps as they offload commodity IT applications and services. Due to skills shortages, governments don’t have the knowledge, skills and abilities to migrate data and applications and services to the cloud. As a result, governments around the world will look to the private sector to help with securing cloud apps as they offload commodity IT applications and services to the cloud.

Jason Rebholz, Senior Director, Gigamon

Business Concerns Over Cloud Security Will Continue.Customers are more concerned with the threat that cloud environments are posing to their businesses. As organizations expand their borders to the cloud, they lose visibility into the expanded environment, causing concerns over whether they can adequately secure their cloud environment the way they would their traditional network. The widespread adoption of cloud technologies will cause cloud security to be a top business concern in the coming years.

Jonathan Sullivan, co-founder and CTO, NS1

Companies Head (Back to) the Private Cloud. In 2016, Dropbox announced it was moving 600 petabytes of data from AWS to its own data center, and the trend continued with many other companies “born in the cloud” taking the same steps. At the root of the migration was security, coupled with performance and availability issues, and the desire for more control. Ironically, we expect to see these same concerns drive enterprises to move applications and data from the public cloud back to the private cloud in 2019. Data shows that private cloud is growing at a rate two times that of public cloud. An IDC report found that half of organizations surveyed expected to move their public cloud applications to a private cloud or non-cloud environment in the next two years. As organizations who moved to the public cloud grow in maturity, many will realize the cost savings or agility benefits they anticipated were not easy to unlock. We expect to see these organizations adopt to new frameworks involving software-defined networking in a private cloud environment or on-prem.

Joe Diamond, senior director of security products, Okta

Passwords will continue to be replaced by alternative technologies and signals; including biometrics, usage analytics, and device recognition. The rate of switching from on-premises to cloud-based security solutions will increase exponentially. And attackers go where the money goes; they are eyeing cloud solutions knowing that many organizations haven’t deployed sufficient controls. Machine-learning techniques will show signs of maturity for both predictive models and response automation.

George Avetisov, CEO and Co-founder of HYPR

A major cloud provider will experience a large-scale breach: Large organizations have often expressed uneasiness about moving their data to the cloud despite the common knowledge that cloud providers like AWS are often more secure than the enterprise itself. But despite the massive investments in security infrastructure, it is a matter of when—not if—a major cloud provider will suffer a large-scale breach. Every provider has experienced security breaches and countless outages, but none of these massive data centers have been put to the PR test of a large-scale attack. It’s only a matter of time and it may change the way companies go about their cloud-first strategies.

Rishi Bhargava, Co-founder, Demisto

In 2019, cloud security will align strongly with traditional security measures. While cloud adoption has improved organizational agility, reduced products’ time-to-market, and leveled the playing field with respect to computational power, it has also resulted in disparate environments that security teams struggle to monitor on a regular basis. This is especially true if the security teams are isolated from other teams that deal with DevOps, cloud infrastructure setup, and product development. During incident response, it’s also tough to reconcile cloud asset data with data from traditional security tools. Security vendors and organizations have both realized this, which is why product interconnectivity will grow and security teams will be able to coordinate actions across both cloud and on-premise environments from a small number of consoles.