Cloud use continues to grow rapidly in the enterprise and has unquestionably become a part of mainstream IT.
In fact it will take up a quarter of total IT budgets in 2016, according to IDG’s 2015 enterprise cloudsurvey.
Of course this mass migration to the cloud is essential for most businesses to compete today – to be able to rapidly adopt and deploy new services, to scale up or down in response to demand and to meet the expectations of employees and customers in the digital world.
But it also opens up new security and compliance threats that organisations will need to recognise and tackle. In that same IDG cloud survey security came out as the top cloud challenge, cited by nearly two-thirds (64 per cent) of enterprises.
Put simply the combination of more and more sensitive data in the cloud and the vast number of cloud services each organisation uses means there needs to be a better way of managing or orchestrating the security across those environments.
The wake-up call here for CIOs and CISOs is that most cloud security failures are not the fault of the cloud provider – for many organisations moving to the cloud is actually an upgrade on their own security. According to Gartner 95 per cent of cloud security failures will be the customer or user’s fault, through to 2020.
The move away from the traditional PC-centric environment to unmanaged mobile devices is another key factor here. Take a common example of an employee wanting to copy data to their smartphone from a CRM tool via the Salesforce app. The problem is that they have the credentials to go to that cloud service and access that data but with an untrusted and unmanaged device. Now multiply that situation across all an organisation’s cloud services and user devices.
There is clearly a need for better cloud control tools across the cloud stack. Large organisations may have hundreds or even thousands of cloud services being used by employees – some of which they probably don’t even know about. It is impossible to implement separate controls and polices for each of them.
To ensure enterprises can securely reap the benefits of cloud and meet compliance and governance requirements the security industry needs to enable them to be able to more easily provide security policies and controls – such as two-factor authentication, data leakage prevention and encryption – on top of these cloud services and applications.
That’s why I believe we’ll see the rise of so-called ‘broker’ security services over the coming months and years. These brokers will enable consolidated enterprise security policy enforcement between the cloud service user and the cloud service provider. That’s backed up by Gartner, which predicts 85 per cent of large enterprises will use a cloud access service broker (CASB) by 2020, up from fewer than five per cent today.
This will be driven by the need for a new model of cloud security that enables the centralised control or orchestration of the myriad cloud services and apps employees across the enterprise.