Despite the growing prevalence of cloud computing in the enterprise, cloud security remains a concern among IT professionals. Two-thirds of IT pros recently surveyed by Netwrix said security and privacy of sensitive data is their chief concern when it comes to the cloud.
Given these ongoing worries, enterprises obviously want to improve their cloud security postures in 2016. We asked several security experts for their outlooks - both positive and negative - on cloud security for the coming year. Here are 10 of their most interesting insights.
Emphasis on Encryption
Fundamental security principles like strong passwords and encryption for sensitive data go a long way in protecting against cloud attacks. Thanks to high-profile attacks involving a lack of encryption, such as "a significant and sustained" cyberattack against British telecom provider TalkTalk, Eric Chiu, president of cloud security and control company HyTrust, said companies will begin to insist upon encryption being a fundamental part of overall data storage and security strategies. The end of the US-EU Safe Harbor agreement will also help push encryption as part of a data privacy mechanism, he said.
Cloud Security Spending Grows
Enterprises will boost their cloud security budgets, predicts Rajiv Gupta, CEO of Skyhigh Networks, a provider of cloud security software. Citing a Gartner statistic that companies allocate just 3.8 percent of cloud spending to security,compared to 11 percent from their total IT budgets, he said, "There's a gap between where cloud security budgets currently are and where they should be based on overall security spending. In 2016 budgets for cloud security will outpace overall IT security spending as companies play catch-up."
Enterprises will rebalance security spending from an over-reliance on blocking and prevention of attacks to a growing emphasis on detection and response, noted Mike Hamilton, Senior VP of Product for Ziften. "No prevention solution can be 100 percent effective against a focused attack," he said. "The most dangerous targeted attacks skillfully evade traditional blocking solutions, making detection and response the best line of defense."
Containerized Cloud Services a Target
As the popularity of containerized compute services such as Docker continue to grow, both security researchers and hackers will focus on exploiting the weaknesses in the workload isolation model, said Brett Greenwood, vice president of security at BetterCloud, a provider of cloud security software. "This will result in pressure for the open source community and software and security vendors to fill the gaps," he said. "In the meantime, those who adopt containerization strategies will need to implement additional security measures to mitigate the risks of using these technologies."
HyTrust's Chiu expects to see some innovative new approaches to container security emerge in 2016.
"The benefits and savings [of containers] are obvious, a fact which combined with the siren-like allure of the new and shiny will encourage both major players and startups to keep driving innovation and new solutions in this space," Chiu said. "As the maturation of containers continues to recapitulate the evolution of virtualization, one would expect to see many of the security issues inherent with the approach addressed not only by the likes of Docker but also by a number of third parties, as we've seen with virtualization. There is a lot of interesting work to be done on this front."
Big Data, Big Cloud Security Problems
Many large data initiatives involve complex hybrid environments made of traditional RDBMS-based systems and Hadoop, as well as cloud and on-premises deployments, said Eric Tilenius, CEO of database security startup BlueTalon. Access to the data in each system is often governed by different policy engines that are implemented at the application level and are not integrated despite the fact that many data breaches occur at the database level.
"In 2016 the lack of unified data governance could lead to the biggest security disruption that enterprises have ever faced, comparable to the disruption caused to the traditional enterprise perimeter by the entry of mobile," he said. "Relying on a fragmented approach to control data access, where inconsistent policies are applied across an ever-changing data landscape, will leave gaping holes in the protection of enterprise data. In the year to come, we'll see an increased demand for solutions that can enforce data security directly on the data repository, supporting a model where policies are defined and managed centrally, yet deployed and enforced locally closer to the data."
OneDrive on the Move
OneDrive will become the most popular cloud file sharing app, predicts SkyHigh Networks' Gupta. While now in fourth place for data volume uploaded, Microsoft's OneDrive will move up in the rankings as companies move to the cloud with Office 365, he said. Companies already upload 1.37 terabytes of data per month with 17.4 percent of files containing sensitive data, showing they have confidence in Microsoft's cloud platform as a system of record for sensitive information.
Microsoft is investing big bucks in security and recently released a new Office 365 API for partners to monitor and secure sensitive content, which should increase confidence in OneDrive even more, he said. "Companies who were previously hesitant will migrate to Microsoft's cloud offerings."
Better Cloud Disaster Recovery Plans
As enterprises migrate more of their data to the cloud, many of them are still backing up to their own data centers, said Karl Triebes, CTO at F5 Networks, a provider of application delivery networking technology.
"Redundancy is their insurance policy and in the event a cloud provider goes down, business is expected to run as usual. With data breaches and cyberattacks on the rise, enterprises are on edge, and the cloud is a top security concern," he said. "Major cloud service providers haven’t been hacked – yet -- but enterprises need to be prepared. That's why 2016 will be the year of cloud disaster recovery planning."
More Cloud Security Partnerships
Triebes also believes 2016 will see an increase in traditional security vendors partnering with networking companies and cloud providers to help provide more cohesive cloud security strategies. "In the age of hybrid data centers and mobile workplace environments, enterprises can no longer depend on traditional network firewalls to keep their data safe and vendors with areas of expertise will need to bridge the gap to create a more comprehensive security solution," he said. "The perimeter is disappearing and vendors are teaming up to secure enterprise networks at the application level."
'Chip to Cloud' Security Strategies
Chip to cloud (or device to cloud) protection will become the new normal for security-conscious organizations, according to Lasse Andresen, CTO at ForgeRock, a provider of access and identity management.
"With most data chains now spanning the full spectrum of chip, device, network and cloud -- plus all stages in between -- many organizations are starting to realize a piecemeal approach to protection simply isn't effective," he said. "This realization is spurring the adoption of more 'chip to cloud' security strategies, starting at the silicon level and running right through to cloud security. In this model, all objects with online capabilities are secured the moment they come online, meaning their identity is authenticated immediately. In doing so, it eliminates any window hackers have to hijack the identity of unsecured objects, thus compromising the entire data chain via a single entry point."
Use of Adaptive Authentication
Adaptive authentication will become a growing focus for companies in 2016, said Stephen Cox, chief security architect at SecureAuth, a provider of two-factor authentication and single sign-on. "In many attacks we saw in 2015, attackers were not using malware, they were simply using stolen credentials to log into the environment," he said. "With organizations moving to the cloud there will be an increasing number of authentication touch points in an organization, and those will need to be protected with technology that can rapidly identify and respond to threats."
Endpoint Part of Cloud Security Strategies
The challenges of monitoring and securing networks is becoming more dynamic and complex as companies migrate more applications to the cloud, said Ziften's Hamilton. "With no ownership of the infrastructure layer in the cloud environment, network and security engineers will no longer be able to rely on netflow data sourced from switches and routers," he said. "Enterprises will need to regain lost network and security visibility from cloud migration by focusing on the endpoint, eliminating security blindspots and obtaining the additional endpoint context of processes, application and user attribution."
Ann All is the editor of Enterprise Apps Today and eSecurity Planet. She has covered business and technology for more than a decade, writing about everything from business intelligence to virtualization.