“Chief security information officers need to dispel the uncertainty surrounding cloud computing.
In a world where security breaches at large corporations dominate the headlines, the ambiguity that surrounds cloud computing can make securing the enterprise seem daunting. The challenge exists not in the security of the cloud itself, but in policies and technologies for security and control of the technology. Although most enterprises are familiar with cloud, or at least the idea of cloud, misconceptions and misunderstandings about what the technology can offer are pervasive.
“Cloud computing remains hyped and widely misunderstood,” said Jay Heiser, research vice president. “Ambiguity about what cloud computing actually delivers to an organization is compounded by a variety of real and imagined concerns about the security and control implications of different cloud models.”
It can be difficult to see the future of any technology, but Mr. Heiser gathered Gartner predictions for the future of cloud security.
Through 2020, public cloud infrastructure as a service (IaaS) workloads will suffer at least 60% fewer security incidents than those in traditional data centers.
Gartner concluded that the security posture of major cloud providers is as good as or better than most enterprise data centers and security should no longer be considered a primary inhibitor to the adoption of public cloud services. However, it is not as simple as moving on-premises workloads to the cloud, and security teams should look to leverage the programmatic infrastructure of public cloud IaaS. Automating as much of the process as possible will remove the potential for human error — generally responsible for successful security attacks. Enterprise data centers could also be automated, but usually don’t offer the programmatic infrastructure required.
Exploiting IaaS infrastructure will have a slow adoption rate, and not all IaaSD providers support public cloud IaaS. Security and risk management leaders should utilize the cloud IaaS provider’s native security capabilities and integrate application security testing and other vulnerability scanning capabilities into the deployment cycle.
By 2018, the 60% of enterprises that implement appropriate cloud visibility and control tools will experience one-third fewer security failures.
Placing workloads in the cloud does not require a security trade-off. In fact, IaaS cloud providers offer features to ensure users have access only to the information they need and also track all the “who, what, when, where” details. Enterprises actually benefit from the security built into the cloud.
Cloud computing does reduce the overall security scope, and it does require customers to manage some of the computing stack in a shared-responsibility model. This is a good opportunity for new types of approaches and new method adoption to protect information. The cloud will require a different approach to security; on-premises security habits and designs won’t work well for information stored in the cloud.
Security and risk-management leaders need to advise and educate their teams and the infrastructure and operations (I&O) teams about native visibility and control features offered by cloud providers. Look into cloud-aware tools to improve visibility so day-to-day security rests with the security and I&O teams, instead of the developers.”