Virtualization and Cloud executives share their predictions for 2017. Read them in this 9th annual VMblog.com series exclusive.
Contributed by Eric Chiu, Co-founder and President of HyTrust, a cloud and virtual workload security company
2017 Predictions: Cloudy Security to Securely to Cloud?
There are several topics that have been deemed at the top of the priority list for organizations in the New Year, one being security. This past year brought a slew of new security challenges, from the rise of IoT, to state-sponsored hacks on Yahoo (bringing the total to 1.5 billion users' accounts being breached), and now the debate on whether our own U.S. elections were compromised. In my role, I see the challenges that companies and government organizations face with regard to cloud security.
Here are 5 key areas that I predict we will see in the coming year and that enterprises will want to consider as they build out their security strategies.
1. Increased use of on-premises hyperconverged infrastructure (HCI) as an alternative to public clouds. With the increased uncertainty in the global geo-political arena and shifting need for data privacy and sovereignty, more and more enterprises are demanding their workloads be fenced into a specific logical or geo-political boundary, with the ability to change that boundary in a few clicks. HCI, rather than public clouds, can help achieve this. Also, certainly many organizations have leapt unprepared into the cloud, only to be surprised by sticker shock when the AWS bill comes. Sure, the agility and time-to-market advantages of public cloud are now obvious, but nothing comes for free. The resulting trend, in which organizations move back to on-premises solutions delivering cloud agility on HCI platforms such as Cisco HyperFlex, Nutanix, Pivot3, SimpliVity, VMware HCI, and ZeroStack, is likely to continue.
2. There will be wider use of public cloud encryption. According to recent HyTrust surveys, a full 28 percent of organizations surveyed were not running any sort of encryption in their public cloud deployments, and 20 percent in government agencies lacked encryption. In 2017, a variety of options will be available, from cloud-provider-managed services, to bring-your-own-key services, to bring-your-own-encryption. At the same time, with increased encryption adoption will come a need for flexible key management that can meet each organization's policy needs.
3. Increased awareness of the vulnerability of encryption keys and need to rotate them regularly. One of the fundamental axioms in security is that you are going to have to periodically change things like passwords and encryption keys in order to maximize security. While some would argue that many IT organizations may have gone overboard with their zeal for password changes, the opposite is true for cloud-based efforts, where most orgs don't swap encryption keys often enough, and for understandable reasons. Many traditional encryption approaches require downtime, sometimes substantial downtime, to update keys. Fortunately, there already exist commercially available solutions where workloads can be rekeyed transparently with zero downtime, and these new technologies will increasingly become the new normal in the coming year and beyond.
4. A growing risk from insider threats, both through negligence and intentional malice. The NSA has publicly stated that system administrators are primary targets of its offensive cyberwar efforts, and it is for good reason. When attempting to compromise user accounts, you can chase after individual users one by one, but the rewards are much greater if you can capture high-value accounts with additional privileges, like sysadmin accounts. That's why we will likely see greater emphasis on spear phishing and other attacks against high-value administrators in future. Steps to take to lessen this risk include deploying multifactor authentication, strictly restricting account privileges based on roles, and requiring secondary authorization for potentially disruptive activities. In addition, in an increasingly politically polarized world (given Brexit, global elections, and so on), insiders will become increasingly likely to take action against their own organizations for reasons motivated by activism, rather than monetary gain.
5. Greater risk, if not an all-out war, in the cyber warfare arena. With U.S. policy leaning progressively more toward offensive tactics in the cyber warfare arena - to say nothing of the increasing sophistication and abilities of North Korea, China, Russia and other adversaries - the risk of damage to private industry and federal agencies increases dramatically. State-sponsored hacking incidents in the last year alone suggest that the possibility of an actual cyber "shooting war" is not that far-fetched.
About the Author
Eric Chiu is Co-Founder and President of HyTrust, leading the company's Business Development. He has over 15 years of experience building startups, and leading Sales, Business Development and Finance functions. Under his leadership, HyTrust has become a leader in virtualization and cloud security automation and control, winning blue chip customers; principal investors; strategic partners spanning virtualization, network and endpoint security, log management and reporting; and building a world-class team.
Prior to starting HyTrust, Eric served as Vice President of Sales and Business Development for Cemaphore Systems, a leader in disaster recovery for Microsoft Exchange. There, he built the sales effort from the ground up and consistently delivered significant quarter-over-quarter sales growth, also putting in place the key OEM partnership with EMC. Previous to that, he led Business Development for MailFrontier (acquired by SonicWALL) and mySimon (acquired by CNET Networks). In these roles, Eric spearheaded OEM partnerships, technology alliances and new product initiatives.
Eric is a recognized expert in cloud security and serves as subject matter expert for industry and financial reports, print and broadcast media. He holds a BS in Materials Science and Engineering from UC Berkeley.