This year is already being branded the “year of the breach.” A year continual breach and surveillance headlines shaking both enterprise and consumer confidences (Target, UPS, Home Depot, Dairy Queen and Staples to name a few), is driving more urgent security discussions, especially across the cloud landscape. Given the cloud's rapid adoption – to which no end seems to be in sight – what trends will drive the market forward in the coming months to bolster data security?
Given the ever-evolving world of cloud security, here are my predictions on what we can expect for the cloud security market in 2015:
The evolution of the hybrid cloud will occur
The private cloud has been a popular choice in recent years as enterprises looked to take advantage of the control, customization and other benefits offered by the cloud while simultaneously ensuring their security requirements were met. While the hybrid cloud approach will become commonplace, an interesting new twist will occur. Look for a hybrid data model approach to public cloud adoption to take hold. This approach will let enterprises keep their most sensitive data in their own data centers while adopting multi-tenant public cloud SaaS applications. The best part? The enterprise's cloud end-users will not even realize this data hybridization is occurring behind the scenes.
Cloud data “surveillance” is going to influence residency laws
As nation-states continue to conduct surveillance, residency and data sovereignty laws will become more complex and restrictive. We saw such cases as the Microsoft data residency ruling, in which the U.S. sought to search Microsoft's data in overseas databases, and we can expect to see similar ones in 2015. More information is being revealed surrounding the prevalence and depth of nation-state surveillance. As this surveillance becomes public knowledge, increasingly rigorous data residency laws will follow. And in order to securely comply with data privacy and residency laws, more and more business-to-consumer (Apple Pay) and business-to-business use cases will lean toward tokenization as the preferred data protection technique.
Cloud data will include “real” enterprise data
Compromised data we read about in the headlines will move beyond customer data, such as contact and payment information, and into the realm of enterprise intellectual property and trade secrets. While it's inconvenient to a customer to receive card replacements after a breach, imagine if a company's valuable product design strategy or acquisition plans get compromised. Whether it's a deliberate strategy or the results of a backend programmer focused on ones and zeros accidentally placing critical intellectual property information in the cloud, the need to have bulletproof security protocols in place will be dramatically reinforced.
Content and apps will be created for mobile first
We're living in a mobile world, and data flows will bypass desktops and be processed and stored exclusively on mobile devices, such as tablets and phones. As more enterprises are allowing employees to bring-your-own-device (BYOD), theft and loss of these devices won't be the enterprise's only concern, as mobile data is more frequently housed in the cloud. For instance, iCloud breaches regarding under-clothed celebrities dominated headlines in 2014. In 2015, organizations will need to ensure that enterprise data on mobile devices and in the cloud isn't “over-exposed.”
Cloud adoption and evolving CASB solutions will redraw the IT security line
Due to the development of new technologies and evolving Cloud Access Security Broker (CASB) solutions, lines will be redrawn on what applications and operational business use cases are cloud-compatible. Companies will use the cloud more aggressively for functions where it was inconceivable to consider cloud even a few years ago. This means the data that resides there will have increased sensitivity and, as a result, will require constant protection. The industry will see continued momentum of data tokenization as an increasingly important security option. Because threat prevention will encapsulate cloud applications and infrastructure, CASB investments will become a common part of cloud investments – with Gartner even predicting that they'll “become an essential component of SaaS deployments by 2017.”
Breach insurance to become the “norm”
Breaches will continue to occur on a regular basis, forcing organizations to look toward adopting cyber insurance. For many risk professionals, it's no longer a matter of if a company's data will be breached, but when. Having specific prevention plans in place to mitigate risk once there is a breach is essential. And taking advantage of all applicable security countermeasures to mitigate against cyber risk will become the enterprise battle cry.
Only time will tell if these come true, but there is one thing we know to be certain: security will continue to be a boardroom issue in 2015 as cyberthreats and data compromises continue to appear in the weekly headlines.