10 Cloud Security Trends To Watch

Cloud Security Week

As more companies make the leap to the cloud, the question of how secure cloud computing is comes under more scrutiny. With new megabreaches hitting the news almost every week, customers are recognizing the responsibilities they have to protect their data, no matter where it sits, and are reaching out to solution providers to help them find the security technologies to help them do it. As a result, security experts said, they are seeing new attitudes and technology trends emerging in the marketplace. As we kick off CRN's Cloud Security Week, take a look at some of the trends on the rise in cloud security.

1. Accelerating Adoption

While not a new trend, the push into the cloud is driving more demand for security options to provide visibility and control over the data that's housed there. That is especially true as some businesses go beyond a cloud proof of concept to move the bulk of their workloads to the cloud. The challenge going forward for solution providers is that a hybrid model increases the complexity "exponentially" as end users demand the same level of visibility and control regardless of whether the data is in the cloud or on-premise, said Piero DePaoli, senior director, global product marketing at Symantec, Mountain View, Calif.

2. Changing Threat Vectors

As more companies adopt cloud computing, threat vectors are shifting to the cloud at a rate triple or quadruple what it was 12 months ago, said Chenxi Wang, vice president of cloud security and strategy at CipherCloud, San Jose, Calif.

"In the past, the target has been the organization," Wang said. "Now we have seen a lot more sophisticated attacks targeting cloud applications, where they're using the cloud as a vector to attack the organization." For example, an attacker could get access to Google credentials in the cloud, then use that as a platform to gain access to the rest of the organization, she said.

3. Security Leading More Sales Conversations

Solution providers and vendors agreed that more and more sales conversations with customers center on cloud security. That can take many forms, they said, from clients looking to move to the cloud for security reasons or just general concern about the protection of their data after migration. Inez Luna, business development manager at solution provider Total Tech, San Diego, Calif., said she sees sales for cloud, services, projects and more focused on security.

"Everything is driven by security," Luna said. "When it comes down to it, it's all about securing your data."

4. Embracing Security-as-a-Service

Companies both large and small are embracing Security-as-a-Service solutions more than ever, said Scott Hazdra, senior security consultant, security solutions, at Cisco Systems, San Jose, Calif. The breadth of those solutions is expanding, Hazdra said, as companies turn to cloud or managed services around "more topics than I've ever seen," including security information and event management, security analytics and identity management. Ben Munroe, product marketing manager, security business group at Cisco, agreed, saying that customers are much more aware of the options available on the market.

"Even 18 months ago, you would perhaps be trying to convince customers that the cloud model and Security-as-a-Service was a valid way to go. Now those customers are leaning in, and there's less education required and more forward conversations," Munroe said.

5. Industrialization Of Hacking

The rising sophistication of attackers, which Cisco's Munroe called the "industrialization of hacking," is driving more demand for security. In particular, Munroe said he is seeing demand driven for cloud security.

"Very-well-funded bad actors that are out there are trying to find new attack vectors," Munroe said. "The response has to be as fast. The response has to be as pervasive and continuous. This is describing cloud and cloud-delivered solutions."

6. Geographical Differences

Changing cloud regulations around the world are complicating cloud security, said Bill Lucchini, senior vice president and general manager of Sophos Cloud. Europe in particular has produced conflicting messages, with countries such as the U.K. being far along in cloud adoption, other countries such as Germany emphasizing privacy, and others such as France proposing legislation to spy on Internet traffic. For cloud security vendors, that complicates business in those regions, Lucchini said.

"There's a tension there," Lucchini said. "I think each of these governments has to figure out what its role is in enabling business. If you're not adopting cloud, you're going to hamper your ability to grow as an economy, yet you want to protect your citizens and have reasonable practices."

7. Penetration Tests On Cloud Partners

More clients are starting to do more penetration testing on their business partners to make sure they are secure from all sides, said Dave Abramowitz, Trend Micro technical advisor. That group could include contractors, manufacturers, and anyone companies communicate with and do business with on a regular basis, he said.

"These happen because someone sees that the security at a certain company is pretty tight, but that company deals with companies that are not," Abramowitz said. "I think we'll see some companies step up and say we've got to do penetration tests not only on ourselves but on our partners as well."

8. Customers Taking Responsibility

In the shared responsibility model for cloud security, experts agreed that customers are recognizing that they have to take more responsibility over protecting their data, whether it's in the cloud or on-premise. While the large cloud providers offer security protections and services on top of their cloud offerings, customers are recognizing that they also need to add controls of their own, such as encryption or next-generation firewalls.

"What I've seen from the customer perspective is they've started to accept the fact that wherever they are going to put their data, ... they need to take more responsibility around protecting it," Cisco's Hazdra said.

9. Mobile And Cloud Convergence

As mobile continues to skyrocket, exploitations are starting to follow suit, Trend Micro's Abramowitz said. As a result, companies are starting to move beyond mobile device management and mobile application management as the sole mobile security offerings, and stepping into single complete solutions for cloud and mobile, said Javed Hasan, vice president, product management, enterprise security at Symantec.

"A big trend we are seeing is bringing it all together, tie it all together and give me a better solution. In some senses, that's a more mature model," Hasan said.

10. Conversations Coming From The Top

As customers invest more in cloud solutions, the sales conversations are shifting higher up the executive ranks to the C-suite, experts agreed. They said that is true for many areas of security, but particularly for cloud security. Rajiv Gupta, founder and CEO of Campbell, Calif.-based cloud security vendor Skyhigh Networks, said he is seeing top executives starting to view cloud as an enabler for line-of-business employees, particularly as the tools become available, CSPs mature and the rise of shadow IT shows that the "horse has already fled the barn." In parallel with that, top executives are seeing data breaches make front-page headlines, and are stepping up their investments in security around the cloud solutions they're embracing.