12 cloud predictions for Christmas: Greater integration of security

Eric Chiu Advice
3 Jan, 2012

HyTrust president Eric Chiu tells us what he thinks will happen in cloud computing during 2012.

As cloud computing looks set to take greater hold of the enterprise in 2012, we can expect to see several security issues come to the fore.

Advanced persistent threats (APTs) will become more predominant and increase as a priority
The explosion of APTs against high-profile companies and government agencies we saw in 2011 will become even more predominant in 2012. Organisations that come under fire from APTs will be at heightened risk, suffering tremendous credibility and financial loss.

Insider threats will grow
Insider threats backed by malicious intent, and the risks associated with insider breaches will grow in 2012. Because they occur within the network and by privileged users – such as employees, contractors or partners – organisations will have a hard time battling insider threats with traditional security measures that detect attacks from the outside. In a recent survey from Lieberman Software, more than 48 percent of survey participants said they have worked at an organisation whose systems got compromised by a hacker. Keep in mind many of these insider threats are also simply human error.

Digital forensics will become one of the most important security skills
Companies nowadays often have to bring in outside expertise at $330.00 hour with door-to-door billing and potentially emergency rates on top of that to analyse how an endpoint system was (again) compromised. The ongoing battles in this war aren't won quickly, but rather in months and years when you include the ensuing investigations, not to mention regulatory and compliance issues.

CIOs will be driven to automated, audit-quality reporting
Executives increasingly need to show 360-degree and holistic reports to satisfy regulatory compliance requirements – particularly in the PCI DSS space. The consequent legal implications will drive more companies to automate their network security audits and rely less on periodic audits.

Evolution of incident response in organisations will continue
The classic virtual incident response team concept will continue to fade in favour of full time incident responders, forensic analysts, and reverse engineering malware specialists.

Cloud computing challenges will fail to meet lofty expectations
While there are many possible benefits to cloud computing, the honeymoon will end. Gartner predicted “cloud hype” will peak in 2011-2012. Many organisations have discovered or will discover that they do not have the flexibility they need for their businesses, and many others will discover that any security issues (from audit to compromise) are far more complex in the cloud. With all issues come opportunities for progressive organisations to try new virtualisation security and management technologies to allow even the most regulated industries to leverage the cost savings that come with the cloud.

Security will continue to become part of virtual infrastructure
As more and more organisations add virtualisation technologies into their environment, particularly server and desktop virtualisation, security will be more embedded in the native technologies, and less of an "add-on" after the implementation is complete. For server virtualisation, new security, firewalls, and monitoring capabilities are being integrated into some of the leading platforms now.

The bright side - the right answers will begin to appear
While newer, large-scale mandates like Cloud First continue to take hold, some will also invariably stumble. The innovative minds in cloud, virtualisation, and security will assemble dynamic, scalable, learning systems and platforms to get ahead and stay ahead of the rapidly-evolving threats in the physical and virtual technology landscapes.

Read more about:

Sign up for our free newsletter