(ISC)²'s bi-monthly e-newsletter Cloud Security INSIGHTS, delivers timely, must-read original articles for the professional development of infosecurity practitioners focused on cloud security.
The Ultimate IT Governance Success Kit
The IT landscape is constantly shifting so IT professionals must take a proactive approach to protect their organizations against threats that could expose sensitive data, damage reputations, and negatively impact revenues. Access this success kit to unlock key resources that will help you stay current with today’s ever-evolving IT risk and compliance requirements.
JANUARY CLOUD SECURITY INSIGHTS
More Security Coming from Cloud Platform Providers
By JOYCE FLORY
Cloud security has come a long way in the last decade. With cloud service providers building more protections into their platforms, some information security professionals now see cloud security on par with, and possibly better than, on-premises environments. That viewpoint, however, is far from universal.
No doubt the past year saw major providers like Amazon Web Services, Microsoft Azure and Google Cloud Platform add more security features, such as encryption and container security — a trend expected to continue. Forrester Research’s Andras Cser, vice president and principal analyst for security and risk management, in an email exchange noted a rapid maturing of cloud workload protections and security, including the rise of cloud access security brokers (CASBs).
Cser also believes cloud platform providers — particularly Amazon, Microsoft and Google — will continue to take a stronger role in securing their own solutions as well as those of SaaS applications. This, in turn, will drive even higher cloud adoption in 2019.
We asked experts who periodically take the pulse of the cloud industry to reflect on where the cloud, and security provisions to protect what resides inside one, is headed in the coming year. Here are some of their predictions and recommendations:
Everyone is watching to see who will be the first to make headlines for violating the EU General Data Protection Regulation (GDPR). Some experts, like Dr. Larry Ponemon of Ponemon Institute, believe early offenders may include cloud providers that fail to comply with the sweeping data privacy regulation.
It remains to be seen if these penalties will be a direct result of lapses in cloud security or whether cloud services will be a factor in a breach. Regardless, experts recommend that cloud security practitioners, and security operations centers in general, leverage regulations like GDPR to gain more security budget in order to become — and remain — compliant. It will save time and trouble down the road, since California’s version of GDPR is set to kick in next January and impact a large swath of companies, big and small. That likely means a refresh of cloud governance strategies.
As artificial intelligence and big data analytical tools require more storage and computing power, companies reliant on the cloud, like Salesforce.com, will lead the way on innovation to make room for next-gen technologies developed and deployed entirely in cloud spaces.
Smaller May be Beautiful
Small and medium-sized companies once shut out of costly cloud services will finally be able to afford to build or buy their own cloud architectures as the price falls, and more value is added through vendor-supplied security, says Ponemon.
Digital Transformations and Legislation
Nearly every major industry is undergoing some form of digital transformation, with an assist from cloud services. “Organizations are moving from a plodding paper-based world to a real-time, automated digital world,” says Ponemon. “The cloud will help generate the best tools available and accelerate the process of digital transformation.”
Cloud services are now standard in many organizations for both their corporate and consumer benefits. And those who’ve been shut out by pricing will now find such services more affordable. Just remember: As cloud use expands and evolves, expect the attacks to continue as well.
Joyce Flory is a Chicago-based freelance writer.
A bimonthly email