Gartner’s yearly symposium in Florida serves as the de facto state of the union for enterprise IT. Last week IT professionals from around the world flocked to Orlando for the yearly status check on the trajectory of trends years in the making: namely, cloud, digitization, and mobile. As usual, the Twittersphere captured the pulse of the event.
Predictions are cheap without follow up, and Salesforce’s Chief Digital Evangelist, Vala Afshar offered a reality check on last year’s forecast for 2015. Security once again proved itself a hype-proof technology category, topping the lists for forecast and execution. Mobility and cloud both advanced in importance, moving from third to second and fifth to fourth, respectively. Of course, we’re already looking ahead to next year’s check-in on 2016’s predictions!
— Vala Afshar (@ValaAfshar) October 7, 2015
While cloud computing and security have consistently driven the enterprise IT conversation, the tone has shifted in the past year. We’ve witnessed an undeniable sea change in the attitude towards cloud. The conversation has advanced, to quote a colleague, from education on the problem to education on the solution. Since cloud’s introduction to the workplace, IT has nervously anticipated (and at times ignored) the associated security challenges. In the early days, these concerns amounted to widespread, categorical, and at times illogical fear of introducing cloud services to the enterprise. However, with employee and business unit-lead adoption of (shadow IT) cloud usage and IT adoption of sanctioned cloud usage, the conversation has shifted to how to securely enable cloud services. Gartner analyst Neil MacDonald points out this evolution in the dialogue as he repositions his belief in the cloud as more secure than corporate networks from fringe to mainstream.
— Neil MacDonald (@nmacdona) October 7, 2015
The perception of the cloud as inherently more secure than on-premises servers has gained huge traction in the past year and indicates a tipping point in the maturity of the cloud market. This slide shared by Wendy White of CenturyLink alludes to the tumult in the security industry over the past twelve months, from which cloud has emerged the victor. There was certainly no shortage of breaches in 2015, but critics would be hard-pressed to name an enterprise cloud service provider who coughed up customer data to attackers. The stewards of giant troves of sensitive information like the department of Operational Personnel Management and, recently, Experian have proven incapable of securing their sensitive data. Arguments for cloud services as a security liability no longer hold up in this context.
— Wendy White (@wendywhite) October 5, 2015
The vector of weakness in many of the most publicized breaches was legacy infrastructure – the supposedly “more secure” alternative to cloud-based storage. In several cases, the IT staff either neglected or deemed it unfeasible to upgrade home-grown servers to meet security requirements. Enterprise cloud-based solutions alleviate these constraints as service providers can seamlessly deliver upgrades and implement security controls. Turning on best-practice security capabilities such as multi-factor authentication, can become as simple as clicking a button. Proponents of cloud have traditionally pointed to scalability and cost benefits, but in the past year outsourced computing has become more attractive with every breach of on-premises data systems. Gartner revealed their predictions for 2016 at the conference. The final prediction highlights cloud’s trajectory towards acceptance as the marquee secure infrastructure: “Through 2020, 95 percent of cloud security failures will be the customer’s fault.” We have to assume this doesn’t include breaches at consumer SaaS companies such as Twitter and eBay, which have divulged sensitive employee information attackers can leverage against enterprises.
"How many breaches were cloud related? None Most of those breaches were the customer's fault. Customers systems are less safe." #GartnerSYM
— Brett Colbert (@brett_colbert) October 5, 2015
Embracing cloud services doesn’t automatically ensure foolproof security. Enterprises still hold responsibility for employee behavior and usage of cloud services. Gartner’s prediction indicates that companies still face a range of vulnerabilities pertaining to cloud use such as insider threat, compromised accounts, and compliance violations for regulated industries. Protecting data in cloud systems requires a fundamentally different approach. Jim McKinney of PLM speaks to a recently accepted sentiment in the IT industry: almost all organizations will or already have suffered a security breach. The challenge is to minimize the damage of incidents. Given the predominance of advanced persistent threats (APT) and stolen credentials, the industry has been trending towards security strategy and tools that increase the rate of remediation. Cloud services can actually deliver richer monitoring data than company servers. Leading enterprise SaaS companies foster API ecosystems for third-party providers to overlay security features. Gartner predicts that by 2018, 50% of enterprises will have deployed a cloud access security broker to overlay security capabilities for their sanctioned cloud services.
Don't invest so much in developing a perfect security model (does not exist); invest more in detection and response. #GartnerSYM
— Jim McKinney (@PLMJim) October 5, 2015
Inertia is an all too powerful force in IT security, leading organizations to continue with sub-par technology and antiquated hardware due to sunken infrastructure costs. Michael Corey, an IT consultant, alludes to frustration with accepting an insufficient status quo. Unfortunately business needs to “keep the lights on” can delay necessary security improvements. This is where the categories of business enablement and security discussed at Gartner come together. The warming towards cloud services is timely with in-demand security capabilities like activity monitoring and threat intelligence. The synergistic technology demands for digitization and cloud security mean that companies with digital business initiatives have incentive to expand the project to include security. Organizations planning company-wide deployments to Box and Salesforce need to simultaneously consider security in terms of how employees use the services – often as a prerequisite for meeting security and governance requirements. Gartner ITxpo expressed bullish views on cloud maturity, and now the onus lies with enterprises to securely enable next-generation solutions.
Quiet tolerance of poor security practices is unacceptable #GartnerSYM
— Michael Corey (@Michael_Corey) October 5, 2015
Security Intelligence: The New Frontier for Protecting Corporate Data in the Cloud
In this report we will explore the two distinct risk vectors that have created a cyber-security blind spot and offer guidance on how to protect your company from data loss across these two vectors.Download Now