It’s always fun (and a bit humbling) to look back at predictions for the current year to see which were spot on and which missed the mark. In reexamining our own predictions for 2014, several came to fruition in full effect: “The rise of SMACS,” “Enterprises regain control of encryption keys,” and “Data security re-emerges.” Other transformations are underway but not quite complete: “Unencrypted data will start to disappear” and “IT stops blocking cloud services over outdated risks.”
One prediction sets itself apart as the defining IT trend of 2014: “The rush to adopt cloud services will drown out security fears.” This is not to say IT departments have dismissed cloud security; on the contrary, concerns about data housed in cloud services keep many security professionals up at night, especially in light of 2014’s series of high-profile security breaches. Line of business employees, however, are not sensitive to risk and have led the march to the cloud, circumventing IT on the way. While the myth of a hermetically sealed corporate environment persisted long after the reality, enterprises are quickly realizing that unsanctioned cloud use is a fact of life in today’s workplace. In fact, shadow IT indicates innovation from the line of business up, as workers adopt next-generation tools that drive collaboration and agility.
Expect IT to catch up with the times in 2015 as organizations shift to a proactive, cloud-first security framework. The deluge of breaches and vulnerabilities in the past year brought cybersecurity visibility in the boardroom. Cloud sprawl is ground zero for new security initiatives. Attacks aimed at data in cloud services, such as the Dyre malware, stand as proof the cloud has arrived – as both a source for critical corporate data and the target of increasingly complex attacks. 2014 has proven the status quo can’t last. 2015 will be the year CIOs and CISOs close the gap between IT and users.
With this trend in mind, we are eager to present cloud predictions from some of the most innovative companies and venture capitalists in Silicon Valley. We may not have a crystal ball, but we have been at the forefront of the security industry long enough to have an idea where things are going. Enjoy the predictions, and we look forward to checking back on this list in a year’s time.
Partner, Sequoia Capital
Crowdsourced security will rise in 2015
One of the major reasons security is so challenging is because it’s asymmetrical. Masses of attackers make countless attempts and only need a single breach to triumph, while a handful of defenders (corporate security teams) can only succeed by halting every single attack. Crowdsourcing levels the playing field by enabling efficient collaboration across a broad set of security experts, just as open source equips developers to build better software. Early examples of the rise of crowdsourced security include HackerOne (bug bounties) and Synack (penetration testing). Expect to see more in 2015 as the wisdom of the crowd begins to secure the enterprise of tomorrow.
CEO, Skyhigh Networks
A major cyber attack will target the Internet of Things (IoT)
While consumer applications like wearables and home automation get much of the press, Internet-enabled sensors and actuators are quietly making their way into critical infrastructure ranging from jet engines to power plants. As cyber attacks are increasingly driven by criminal organizations seeking to extort a ransom and terrorist organizations and state-backed groups seeking to cripple their adversaries, expect to see a major attack on the Internet of Things in 2015.
Consumer cloud services make a determined and successful foray to penetrate the enterprise
If 2014 was the “year of the user,” expect consumer tech companies to catch on and extend enterprise offerings. Employees lead the way when it comes to cloud adoption, creating a market for enterprise versions of user-friendly consumer applications. More cloud service providers will join the likes of Facebook and Dropbox in their push into the workplace.
Partner, Greylock Partners
Data management turns its attention to the cloud as cloud systems of record gain in legitimacy and importance
There is no denying that SaaS applications have become systems of record for business critical functions and data. The growth of mobile-first applications and the ease of connecting to SaaS applications led to a rapid sprawl of corporate data across cloud services. 2015 will see the rebirth of data management but this time for data distributed across cloud services as enterprises seek to proactively manage their corporate data from a security, compliance and governance perspective.
Device security (finally) gives way to data security
Employees want to work unfettered, BYOD is here to stay, devices are getting replaced at a faster pace while the value of corporate data extends longer, and always-connected devices are reducing the need for device-local data storage. It was a long time coming, but companies will finally shift their focus from securing endpoint devices to securing data on its way to and from the cloud and stored in the cloud – all while ensuring a seamless user experience.
The API economy rubs off on security
As both IT and Security shift to the cloud, CIOs are demanding better cloud interoperability from their vendors. In 2015 we will see cloud security vendors provide rich, robust, API’s to help their customers build more efficient security programs. Security systems in the past have been tightly controlled on-premise systems integration. The new enterprise security stack will deliver APIs that can assist in integrating policy, logging, and intelligence from multiple security vendors. This will lead to better efficacy, easier management, and increased context on attacks.
Additionally, we will see a shift in the organizational makeup of the security department. Security teams will add developers who can write to APIs and automate repeatable incident-response operations.
Enterprises will adopt a modern security stack in 2015
The IT landscape has been transformed by mobile devices, cloud applications, and ubiquitous high-speed Internet – yet the security landscape is stuck in the 90s. It’s no longer sufficient to simply rack an appliance at the edge of the office network that protects employees 9-to-5, only when they are in the office. Not only is work happening outside the office, but attacks are, too. 2015 will see the maturation of the modern enterprise security stack. A stack of cloud-delivered offerings that replace the 9-to-5 security model with a 24×7 model that provides visibility and protection across all devices and users, wherever they are in the world – and in a way that doesn’t slow down employees or violate their privacy.
COO and Co-Founder, Okta
Silo-ed mobility management fades into the past
As more workers access enterprise applications from more types of devices, silo-ed mobile device and application management will fade into the past. Organizations will adopted strategies that allow them to centrally manage users—not separate devices—and how those users access any enterprise applications from any device, at any time, and from any location.
User experience is all that matters
Software providers and IT leaders can address their most complex security requirements with services that integrate with or are built directly into their applications. This is resulting in a tremendous opportunity for developers to differentiate their products and for IT leaders to optimize workforce productivity by designing and optimizing almost exclusively for the end-user experience.