It’s almost the end of the year. It’s a time when everyone wants us to get out our crystal ball and accurately predict what’s going to happen in the next twelve months.As this year’s “Back to the Future Day” proved you can generally count on a 50/50 hit rate with these things, we have Skype and flat screen TVs, but still no flying cars.
I did spot an interesting prediction this week hidden amongst Gartner’s catchily titled “Top Predictions for IT Organizations and Users for 2016 and Beyond”. If you read past some quite terrifying ideas about how machines will basically make humans obsolete by 2020, analyst Jay Heiser makes this assertion:
“Through 2020, 95% of cloud security failures will be the customer's fault.”
His analysis goes into some detail: “Recent history has shown that virtually all public cloud services are highly resistant to attack and, in the majority of circumstances, represent a more secure starting point than traditional in-house implementations. No significant evidence exists to indicate that commercial cloud service providers have performed less securely than end-user organizations themselves. In fact, most available evidence points to the opposite. Only a very small percentage of the security incidents impacting enterprises using the cloud have been due to vulnerabilities that were the provider's fault.”
I think I would broadly have to concur with this assessment. Public cloud services by their nature must invest seriously in security if they’re going to hold sensitive data on their servers.
It won’t be easy for cloud providers to prove the effectiveness of their security. As human beings we have an aversion to letting precious things go to places where we can’t see them. The weapon that cloud providers must use to combat the fear of cloud migration is visibility, these systems must be as accessible as any internal IT infrastructure. Businesses are seeking access control, transparency and auditing to help prove that cloud services are secure. Unless that’s something that changes over the next few years we’ll continue to see an unwillingness for businesses to take to the cloud en masse.
This view is supported by Heiser: “The growing recognition of the enterprise's responsibility for the appropriate use of the public cloud is reflected in the growing market for cloud control tools. By 2018, 50% of enterprises with more than 1,000 users will use products provided by cloud access security brokers to monitor and manage their use of SaaS and other forms of public cloud, reflecting the growing recognition that, although clouds are usually secure, the secure use of public clouds requires explicit effort on the part of the customer.”
If you’re looking for advice on how to consider cloud security as part of a migration, we’ve created a whitepaper with some starting points that you can download here.
You can also see exactly what Back to Future got right and wrong here.