Chief security information officers need to dispel the uncertainty surrounding cloud computing.
In a world where security breaches at large corporations dominate the headlines, the ambiguity that surrounds cloud computing can make securing the enterprise seem daunting. The challenge exists not in the security of the cloud itself, but in policies and technologies for security and control of the technology. Although most enterprises are familiar with cloud, or at least the idea of cloud, misconceptions and misunderstandings about what the technology can offer are pervasive.
“Cloud computing remains hyped and widely misunderstood,” says Jay Heiser, research vice president. “Ambiguity about what cloud computing actually delivers to an organization is compounded by a variety of real and imagined concerns about the security and control implications of different cloud models.”
Read More: Why CIOs Still Need a Cloud Strategy
It can be difficult to see the future of any technology, but Heiser gathers Gartner predictions for the future of cloud security.
Through 2020, public cloud infrastructure as a service (IaaS) workloads will suffer at least 60% fewer security incidents than those in traditional data centers.
Gartner concluded that the security posture of major cloud providers is as good as or better than most enterprise data centers and security should no longer be considered a primary inhibitor to the adoption of public cloud services. However, it is not as simple as moving on-premises workloads to the cloud, and security teams should look to leverage the programmatic infrastructure of public cloud IaaS. Automating as much of the process as possible will remove the potential for human error — generally responsible for successful security attacks. Enterprise data centers could also be automated, but usually don’t offer the programmatic infrastructure required.
Exploiting IaaS infrastructure will have a slow adoption rate, and not all IaaSD providers support public cloud IaaS. Security and risk management leaders should utilize the cloud IaaS provider’s native security capabilities and integrate application security testing and other vulnerability scanning capabilities into the deployment cycle.
By 2018, the 60% of enterprises that implement appropriate cloud visibility and control tools will experience one-third fewer security failures.
Placing workloads in the cloud does not require a security trade-off. In fact, IaaS cloud providers offer features to ensure users have access only to the information they need and also track all the “who, what, when, where” details. Enterprises actually benefit from the security built into the cloud.
Read More: Why Cloud Security Is Everyone’s Business
Cloud computing does reduce the overall security scope, and it does require customers to manage some of the computing stack in a shared-responsibility model. This is a good opportunity for new types of approaches and new method adoption to protect information. The cloud will require a different approach to security; on-premises security habits and designs won’t work well for information stored in the cloud.
Security and risk-management leaders need to advise and educate their teams and the infrastructure and operations (I&O) teams about native visibility and control features offered by cloud providers. Look into cloud-aware tools to improve visibility so day-to-day security rests with the security and I&O teams, instead of the developers.
Gartner clients can view all five cloud security predictions for 2017 in Predicts 2017: Cloud Security, by Jay Heiser, et al. This research is part of the Gartner Special Report “Predicts 2017: Lead, Follow, or Get Out of the Way: A Gartner Trend Insight Report,” a collection of research that focuses on predictions that enable companies to plan strategically for both expected and unexpected change.
CIO Futures: The IT Organization in 2030
The IT domain in 2030 will evolve out of today's agile practices and professional services models. CIOs will organize a fluid arrangement...Read Free Research
The Top 10 Mobile Technologies
As an I&O leader it is important to stay apprised of the trends in mobile technology. You need to understand which technologies can...Start Watching
Attend a Gartner data center event.Explore Gartner Events