Imagining Security

Gregor Petri, a research vice-president at Gartner uses the occasion of a new year to imagine a moderately optimistic future for security in the public cloud.   Ironically he uses John Lennon’s peace anthem “Imagine” to point out that our ubiquitous consumer technology developments which once exceeded our imagination can be traced back to the needs of the military, the Cold War space race, and the consolidation of financial service behemoths.   However within the last decades imaginative technology innovation has been driven by consumer giants like Amazon, Facebook and Google. And now approaching 2016, the frontier offering the most opportunity for change appears to be security and information protection. Following the previous trend the leading public cloud providers such as Amazon and Azure or, as Petri calls them, the hyper-scale providers are offering a vast array of information protection tools and infrastructure that exceed the capabilities and budgets of the CIOs of companies and government agencies. He also cites Gartner’s prediction that, through 2020, 95% of all security breaches in the public cloud will be traced back to the public cloud customers who do not use the tools and protections properly rather than from any inherent security fault in the public cloud infrastructures.

Petri and Gartner also expect that through 2020 85% of enterprise organizations will benefit from employing Cloud Access Security Brokers (CASBs) to avoid this category of security failures.   This consulting market might reach rapid growth from the mere 5% of enterprise organizations currently employing such security brokers.   But Petri also alludes to the possibility of a leap-frog over this market need. Hyper-scale providers such as Microsoft and IBM have recently acquired companies who specialized as CASBs.   Even the opportunity to provide enterprise consulting as a CASB may diminish as the hyper-scale providers race to provide better security as a means of establishing a competitive differentiation within the hyper-scale market.

A year or two ago CIOs cited security as a concern that slowed the adoption of public cloud services and which seemed to make these less than “enterprise-class”.  Petri’s insight illustrates the breadth of the change in public cloud service market. The public cloud service providers appear to be rapidly evolving to offer the highest levels of information security available in the market.   The acquisition of CASBs by public cloud providers represents an improvement of security through consolidation beyond the reach of individual enterprise-class companies. This raises the possibility that any particular security breach becomes a one-time event as each public cloud service provider reacts and adjusts its security to then protect all of its clients at once. This is in sharp contrast to the information breach at Target Corporation using malware that was also used in attacks against other retail giants.   In that case hackers who learned of the success of the Target attack could have tried, or may still be trying, to use the same tools against other retailers and race ahead of the vulnerabilities of each retailer’s internal security infrastructure. The hyper-scale cloud providers are more likely to be able to protect all of their clients from such attacks and, due to their scale, eliminate the possibility of service outages initiated through denial of service attacks.

Thus imagining 2016 leads one to believe that some security risks may decline through the evolution of new security offerings by hyper-scale cloud providers.   One could also expect that the shift to reliance upon cloud-based security infrastructure will lead to some decline in the demand for security administrators within enterprise-class companies.  In any case, savvy organizations are likely to seek security expertise from outside of their internal teams in order to achieve the highest value from their security budgets.