Cloud security has been better than on-er0 security for several years now. Enhanced automation and engagement will strengthen its position as a best-in-its-kind method.
Gartner stated that by 2020, public IaaS workloads will experience at least 60% fewer security issues than workloads in traditional data centers. When I pointed this out a few years ago, many people scoffed at this statement.
Both super-level service providers and third-party security are spending about 70 to 80% of their R&D budgets to support public clouds. It’s no surprise that the quality and functionality of most cloud security technologies will outperform traditional on-er0 systems.
What are we up to in terms of cloud security? This is what I think the landscape will look like in three years, maybe sooner.
Auto-autos everything. Some security systems authorities existing processes today, but in five more years, this will take it to the next level. We will have dynamic interactions with potential threats, powered by machine learning systems, that use coordination between the clouds and internal crowds of various resources to find and prevent attacks.
This transfers cloud security from a passive state to an active state. We are no longer waiting to be attacked; we can detect when an attack is imminent and automatically challenge the attacker with automated defenses before the first penetration. In some cases, we will be able to launch automatic counterattacks.
Focus on intercloud security. As we move into the multi-cloud world, we find that using individual security systems for each public cloud is too laborious and causes complexity and confusion that can lead to breaches.
As I said before, multi-cloud is not really about the cloud. It’s about technology that exists between the clouds. Technology has access to native interfaces, but logically, runs on all public clouds. This means you can coordinate services to establish a unified defense system as well as share a knowledge base on how to best protect against specific types of attacks.
You’ll also need visibility into all major applications, databases, and storage systems in all public clouds; for example, it can be seen that CPU saturation needs to be checked as a possible attack.
Get rid of humans. You can think of a Terminator-like scenario when machines turn us on, but the reality is that humans are the weakest link in the security chain. Gartner claims that by 2025, 99% of cloud security errors will be customer error. In my world, it’s like 99.999 percent.
Whether it’s the wrong configuration that makes opportunities open or the obvious mistakes caused by a lack of training, the more we take people out of the cloud security equation, the safer we are.
This returns to the “everything automation” method that most security systems will use to provide cloud security within three years. Don’t worry about your work. Someone must set up these automation processes and continually improve them over time.
The bottom line is that security will be improved and the cloud will become the safest place. As long as R&D money pours into cloud-based security, this is a conclusion that has been ignored.