2017 Cloud Security Trends
If you’re one of the millions of businesses worldwide benefiting from cloud computing’s agility and accelerated time to market, it is likely that you deeply considered the best way to protect your cloud-based data before making the move. Transitioning from a traditional IT environment to cloud computing is an eye-opening experience for many, largely due to the rapid evolution of the cloud. Combine this evolution with multiple cloud providers, several SaaS providers, shared responsibility, and mission critical implementations, and you’ll need a compass to find your way home. How do you stay ahead of cyber attacks as advancements in cloud computing continue to progress? We’re keeping you in the loop with a few of the top trends and predictions for cloud security in 2017!
Increased Vulnerability for the Internet of Things
The booming IoT industry presents a world of innovation waiting to be unsettled by persistent cyber attackers. A rapid solution is necessary, as a report conducted by Ericsson estimates 16 billion IoT connected devices by 2021 (scaling back from a 2010 prediction of 50 billion by 2020). Industries such as manufacturing and healthcare are utilizing IoT devices regularly, creating a more critical need for a cloud security solution in 2017. Genpact Research Institute reported, “31% of IT executives say data concerns are delaying IoT adoption.” A current lack of standards, patching, links across IT and operational systems, devices shipping with security gaps, user error, privacy concerns, and links to big data will keep the industry busy in 2017.
Accountability for Shadow IT
Without proper guidance, Shadow IT is commonly overlooked, enabling tremendous security gaps. Cloud security will continue to become more complex in 2017, meaning flawless internal IT operations are imperative for cloud security. This will be a difficult task, but our Principal Cloud Engineer has tips for staying ahead of Shadow IT.
“Clearly the hottest issue today isn’t how to drive cloud adoption, but rather how to manage it. Both IT and business functions have realized the benefits of using cloud systems and applications but most IT departments haven’t figured out a good way to manage the situation,” states Len Padilla, Vice President Product Strategy at NTT Communications in Europe. “This challenge is one of the main reasons that we have developed our Cloud Management Platform; to make it possible for IT departments to allow safe and sane adoption of cloud systems and applications by their users.”
According to a 2016 VMWare survey, the consequences of Shadow IT are increased stress on IT personnel and resources (59%), as well as more difficulty preventing cyber-attacks (73%). As traditional working structure evolves, the blurred line between office and home technology fuels Shadow IT issues. We suggest kicking off 2017 in style by taking full inventory of all work-related devices used by your employees.
Tighter Security Regulations for Employees
Let’s face it: Cloud security transformation is tough to navigate. It’s more problematic when your employees are uneducated about security best practices. Whether it is due to a disgruntled ex-employee or an honest mistake, one of your largest security risks is your team of employees.
To combat negligence, Ponemon Institute's report, Managing Insider Risk through Training and Culture, suggests creating a culture of security by providing incentives for protecting sensitive information or reporting potential issues. The report included responses from 601 individuals at companies with a data protection and privacy training program (DPPT), which appear to improve data security by 51 percent. They found 66 percent of respondents believe employees are the weakest link when creating a strong security stance, and 55 percent said their organization had suffered a security incident or data breach due to a malicious or negligent employee.
Ponemon also found that 60 percent of respondents said they believe their employees are not knowledgeable or have no knowledge of the company's security risks. A mere 35 percent of respondents said their senior management believes it is a priority that employees are well-informed about the impact data security risks have on the organization. CIO.com reviewed the study, adding “…senior executives should set an example by participating in the data protection and privacy training program and emphasizing the importance of reducing the risk of a data breach or security incident.” They also suggest gamifying the training to make learning more fun and engaging for employees. While global regulations are not expected to be established in 2017, the conversation is expected to become more serious and time sensitive in the coming year.
Cloud Security Workflow Automation
Vulnerabilities in cloud security have kept IT teams busy in the current market for several years. Basic remedies have been utilized by end users without the need for IT involvement, but the end is near for self-help. As cloud computing becomes more complex, the average end user will be rendered useless with so many issues. When cloud complexities evolve in already short-staffed organizations, it will be critical to have an automated security workflow in place for your IT team. Machine Learning is expected to make waves for automation and security in 2017. Amazon Machine Learning (ML) uses powerful algorithms to create models by finding patterns in your existing data. Then, Amazon Machine Learning uses these models to process new data and generate predictions for your application.
Venkat Vijayaraghavan, Sr. Product Manager for Amazon Web Services, discussed the challenge at re:Invent 2016. “As attackers become more sophisticated, web application developers need to constantly update their security configurations. Static firewall rules are no longer good enough. Developers need a way to deploy automated security that can learn from the application behavior and identify bad traffic patterns to detect bad bots or bad actors on the Internet.”
New Roles for Cloud Security Professionals
It’s no secret that IT is a rapidly evolving industry. Constant changes in technology open the door for new job roles and clear the path to opportunities in organizations, however, they also create talent gaps and overworked employees. According to a study published by ESG and the Information Systems Security Association, “46% of organizations claim to have a problematic shortage of cyber security skills." The report also found, “22% of respondents say their organization has an acute shortage of cloud security skills. This gap is likely to increase as more organizations move their workloads to public and private cloud infrastructure.” More than half of respondents reported, “the cyber security skills gap has resulted in an increased workload for staff. More than one-third said the IT skills shortage forced them to hire and train junior employees rather than bring on more experienced cyber security professionals.”
In 2017, we will begin to see a balance emerging between hard and soft skills. A 2016 report released by Intel Security, "Hacking the Skills Shortage,” revealed a need for soft and hard skill sets among cyber security professionals. It is no longer enough to offer fluency in programming languages, software development, and intrusion detection. This knowledge must now be coupled with clear communication, team collaboration, and team management skills. Cloud security professionals suggest five soft skills for young professionals to grow to advance in cloud cyber security:
- Strong research and writing instincts
- A teacher’s disposition
- Consultative thinking
- A passion for learning
We recommend investing in classes and conferences to expand your cloud security skill set this year. Keep an eye on emerging cloud career trends and remember to contact a trusted talent delivery team when you’re ready to take the leap to a new role!
Always be in the Know, Subscribe to the Relus Cloud Blog!