In 2013, the cloud industry hit a milestone. As indicated by the massive surge in users and the slew of cloud vendors and service providers now available, cloud computing went from being just another buzzword to a viable infrastructure widely adopted by small businesses and large enterprises alike. It also revealed how vulnerable cloud users are to the dangers of cloud computing. In 2014, the cloud industry will aim to change that.
From public clouds to private clouds to hybrid clouds, businesses now have a wide range of services from which to choose that best fit their needs and budgets. Whether they implement Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), Infrastructure-as-a-Service (IaaS), or Everything-as-a-Service (EaaS), the cloud can be used for storage and anytime, anywhere access of files, applications, networks and entire computing systems. It is this entire dependence on the cloud, however, that makes cloud users so vulnerable to data and financial loss in the event of a security breach. [Why You Should Fear Cloud Computing]
While 2013 highlighted several types of security issues surrounding the cloud — cyberattacks, insider threats and government intrusion, to name a few — 2014 will seek to minimize these risks by offering better security systems, automation and governance to protect cloud users and their data.
Eric Chiu, president and co-founder HyTrust, a cloud infrastructure control company, provided the following predictions on how the cloud will improve in 2014:
1. Bring your own security
Organizations will bring their own security to the public cloud. Given the recent disclosures about government access to cloud service provider networks, we’ll see further investment in key management systems that allow organizations to keep control of their encryption keys themselves versus entrusting that critical security measure to the same vendor that holds their data.
2. Automated security
Cloud security automation will ramp up. Organizations will drive for greater automation and orchestration of security in the cloud and seek vendors that can secure both private and public cloud environments.
3. All about policy
Policy will become a main focus. Cloud environments are dynamic and workloads are mobile, even between cloud providers. Automated security based on embedded workload policy will be critical for the next stage of cloud adoption.
4. Hybrid cloud will dominate
It will no longer be the private or public cloud. Companies will implement a combined private and public cloud strategy to offer freedom of choice to business units. However, data security and governance will become paramount to enabling this journey. And encrypting all workloads in the cloud will become a default requirement.
5. Single-vendor solutions
Organizations will look to buy more solutions from a single vendor and demand greater integration between solutions to automate security. In addition, the fact that securing cloud environments is very different from securing traditional physical environments will drive greater consolidation in the market.
6. Two types of private cloud
The private cloud will develop into two camps. There will be two different primary buyers of private cloud infrastructure: "Out-of-the-box" customers that will buy pre-built, pre-integrated solutions on converged infrastructure platforms, and customers who want to build their own using open-source components.
7. Automated, agile governance
Companies will look to automate governance in the cloud. The internal corporate governance process is typically cumbersome and involves multiple reviews by different groups, which erodes the agility that the cloud enables. Agility will be the driver in 2014 to automate these governance processes.
8. Insider threats
Insider threats will continue to be the No. 1 cause of breaches. Access controls, role-based monitoring and the "two-man rule" will become key requirements in the cloud to prevent major breaches and data center failures.
9. Data center consolidation
Data center consolidation will become the new driver for private cloud computing to enable even greater efficiencies and cost savings. Next-generation data center architectures will require logical infrastructure segmentation to enable multi-tenant private clouds.
10. New software-defined infrastructures
Companies will look to pilot and implement software-defined networking as the next step in their virtualization journey. Software-defined infrastructure will put greater focus on securing the management plane, given the greater concentration of risk and potential for catastrophic failure.