During his RSA keynote in late 2010, company chief Art Coviello noted “last year my keynote was about the promise. This year it’s about the proof.” His statement established, and on a podium, that cloud security is finally beginning to catch up with the of the rest cloud revolution taking on the enterprise today. This surge of attention came as the ever-accelerating adoption of the cloud throughout multiple industries uncovered new security risks, which became a priority equivalent to all related business problems. We can expect the same this year, and issues which need to be addressed today will evolve into full-scale trends this year.
Consumer trends have exhibited a lot of correlation and influence on enterprise trends lately, notably in the past 12 months, and mobile will become an even bigger aspect of the cloud, and cloud security in 2011. As professional users will have access to larger quantities of critical business data from the far reaches of their personal clouds, the risk of data breach will exponentially increase.
Other major cloud security risks expected to take the spotlights this year include the need for better access control. This area also relates to mobile , and comes in addition to compliance concerns, most notably around PCI and key industries displaying greater cloud adoption (such as healthcare), and hypervisor segmentation flaws. These would enable intruders to gain access to the hypervisor system from a VM.
Another cloud security trend this year may be the rise of security standards, which according to ESET CEO Richard Marko, would not eliminate security concerns and may even facilitate more targeted attacks. Putting these trends aside however, the enterprise should approach each security concern according to the relevant cloud model in use, says Vordel CTO Mark O’Neill.
O’Neill highlighted that corporations must divide cloud models into categories – SaaS, PaaS and Integration-as-a-Service; and address the security requirements appropriately for each. For SaaS, the emphasis is put on single log-in for employees utilizing cloud resources; for PaaS, it’s the need to encrypt, remove or redact data before sending it to the 3rd party cloud provider; and for IaaS, governance and financial record keeping should be the central considerations. All 3 models however do have one other common security consideration, which is the need to protect APIs and interfaces.
The latest cloud security consideration will only grow in importance as the enterprise’s transit to the cloud realizes itself in accelerating rate, but it does need to be addressed today. Hewlett-Packard and the Cloud Security Alliance (CSA) recently released the “Top Threats to Cloud Computing” report, which highlighted insecure API Keys next to malicious insiders, data leakage and other equally prominent security threats.
Cloud security is a huge market, and as cloud threats evolve the demand increases. Offerings such as the upcoming RSA Cloud Trust Authority offerings suite will help define the cloud’s future in the enterprise space, and will drive demand to it as security requirements are answered more and more effectively.