Over the past twelve months, the tide has shifted in response to the consumerization of IT. A growing number of companies have come to realize that a corporate environment hermetically sealed from the cloud is a pipe dream given the vast proliferation of cloud services. While there has been progress on the part of progressive IT organizations recognizing and embracing the transformative nature of the cloud, many enterprises may still be surprised at the extent of cloud adoption: the average firm uses 831 cloud services, with IT aware of only 10%. Employees have led the march to the cloud, bypassing IT on their way. This archetypal shift has led us to label 2014 “the year of the user.”

While there are many strong indicators of the cloud economy’s maturity, security controls for data stored in cloud services still lag behind. Given the deluge of breaches and vulnerabilities in the past year, we can’t help but expect another wake-up call in 2015. The message is clear: the head-in-the-sand status quo is no longer an option. By the end of next year, we will say, “2015 marked the tipping point in the journey toward proactive and secure enablement of cloud services.“

1. Hackers will execute a “ransomeware attack” on a cloud service

As enterprises move more and more sensitive data to the cloud, cloud services become more desirable targets for sophisticated attacks. Dyre, a complex malware aimed at the enterprise cloud service Salesforce, set the precedent that “the cloud has arrived.” This trend will continue with a ransomeware attack against a cloud service.

2. The Internet of Things (IoT) will be the target of a major cyber attack

Consumer applications such as wearables and smart home devices get much of the IoT press, but Internet-connected sensors and actuators are quietly entering critical infrastructure, ranging from jet engines to power plants. Criminal organizations and state-backed groups perpetrate an increasing amount of cyber attacks. As a natural target for these types of groups, expect to see a major attack on the Internet of Things in 2015.

2. Consumer cloud services launch a committed (and ultimately successful) foray to enter the workplace

If 2014 was the “year of the user,” consumer SaaS companies will make 2015 known as the “year of the enterprise” as consumer services pursue profits from workers at the office. When it comes to cloud adoption, employees lead the way, creating demand for enterprise versions of consumer cloud services. More cloud-based SaaS providers will follow in Facebook and Dropbox’s steps and push for a foothold in the workplace.

4. Big data becomes security’s savior; security analyst will be the new “data scientist” in job listings.

With security teams facing increasingly sophisticated attacks and multiplying vectors of vulnerability, big data analytics offer a beacon of hope for their ability to identify attacks and safeguard corporate data. Machine learning systems lend security teams the firepower needed to detect attempts at infection and data exfiltration. Make friends with the number crunchers in your organization: they may come to your security team’s rescue.

5. The inevitable shift from private data centers to public IaaS passes its tipping point

Organizations are aware of benefits in productivity, agility, and collaboration offered by cloud services, yet many remain on the private data center path. What key factors will open the floodgates towards public IaaS? Improved auditing and visibility; security and admin controls from enterprise-ready IaaS providers like Amazon, Google and Microsoft; acknowledgement that enterprise-ready IaaS providers invest in better security capabilities than private data centers; and the flurry of targeted cyber attacks laying waste to the “my mattress is safer than Ft. Knox” mindset will remove inhibitions reluctant companies may hold to relying on public cloud providers.

6. CEO + CISO = BFFs

Fallout from the Target breach left no doubt: CEOs are accountable for security breaches. CEOs will spend a much more time with CISOs as they take a more hands on approach to negotiating security budgets, managing risk to data, and briefing the board of directors on cybersecurity initiatives. These two will be attached at the hip at every Fortune 2000 company.

7. The total number of cloud services that meet EU Data Protection Act requirements will double – from 1% to 2%!

Although the number of services satisfying proposed EU regulations may increase, they will remain a vast minority of the total cloud services available. Requirements such as the right to be forgotten, breach notification, and data residency make it extremely difficult for cloud service providers to comply with the regulations. Don’t be surprised if the EU delays or waters down these proposed regulations.

8. Enterprises acknowledge shadow IT as just IT

It’s time to drop the ominous “shadow” from our description of unsanctioned cloud use. Businesses will realize a new definition of shadow IT: tools IT does not provide that employees need to get their jobs done. This milestone is one small step for the worker already using cloud applications to do his or her job, but one giant leap for the cloud economy.

9. The debate finally ends: cloud services are recognized as more secure than on-premise apps

Many companies have hesitated to migrate their data “crown jewels” to the cloud. But the robust security capabilities from enterprise-ready cloud services such as Workday, Salesforce, and ServiceNow are impossible to ignore. Top tier cloud providers and third-party cloud security vendors have teamed to offer unparalleled security controls. Companies can no longer exclusively host their most sensitive data on premises. This game is over, and cloud is the victor.

The Definitive Guide to Cloud Security

Download this ebook to learn about the details of the framework developed by Gartner for managing cloud security.

Download Now