The cloud can be a godsend for enterprises struggling to keep up with burgeoning data loads and high user demand. In the blink of an eye, you gain access to all the resources you desire, and at a fraction of the cost of building out additional physical infrastructure. Given the ease of access and relative low cost, the cloud continued to rapidly gain traction during 2011. What can we expect this year? Eric Chiu, president & founder of HyTrust, a cloud infrastructure control company, has made the following 2012 cloud security predictions.
Click through for the top eight cloud and virtualization security predictions for 2012, as identified by Eric Chiu, president and founder of HyTrust.
The explosion of APTs against high-profile companies and government agencies that we saw in 2011 will become even more predominant in 2012. Organizations that come under fire from APTs will be at heightened risk, suffering tremendous credibility and financial loss.
Insider threats backed by malicious intent, and the risks associated with insider breaches will grow in 2012. Because they occur within the network and by privileged users – such as employees, contractors or partners – organizations will have a hard time battling insider threats with traditional security measures that detect attacks from the outside. In a recent survey from Lieberman Software, more than 48 percent of survey participants said they have worked at an organization whose systems got compromised by a hacker. Keep in mind many of these insider threats are also simply human error.
Companies nowadays often have to bring in outside expertise at $330.00 hour with door-to-door billing and potentially emergency rates on top of that to analyze how an endpoint system was (again) compromised. The ongoing battles in this war aren't won quickly, but rather in months and years when you include the ensuing investigations, not to mention regulatory and compliance issues.
Executives increasingly need to show 360-degree and holistic reports to satisfy regulatory compliance requirements – particularly in the PCI DSS space. The consequent legal implications will drive more companies to automate their network security audits and rely less on periodic audits.
The classic virtual incident response team concept will continue to fade in favor of full-time incident responders, forensic analysts, and reverse engineering malware specialists.
While there are many possible benefits to cloud computing, the honeymoon will end. Gartner predicted “cloud hype” will peak in 2011-2012. Many organizations have discovered or will discover that they do not have the flexibility they need for their businesses, and many others will discover that any security issues (from audit to compromise) are far more complex in the cloud. With all issues come opportunities for progressive organizations to try new virtualization security and management technologies to allow even the most regulated industries to leverage the cost savings that come with the cloud.
As more and more organizations add virtualization technologies into their environment, particularly server and desktop virtualization, security will be more embedded in the native technologies, and less of an "add-on" after the implementation is complete. For server virtualization, new security, firewalls, and monitoring capabilities are being integrated into some of the leading platforms now.
While newer, large-scale mandates like Cloud First continue to take hold, some will also invariably stumble. The innovative minds in cloud, virtualization, and security will assemble dynamic, scalable, learning systems and platforms to get ahead and stay ahead of the rapidly-evolving threats in the physical and virtual technology landscapes.