Blog
1

Is the Cloud Secure?

Chief security information officers need to dispel the uncertainty surrounding cloud computing.

In a world where security breaches at large corporations dominate the headlines, the ambiguity that surrounds cloud computing can make securing the enterprise seem daunting. The challenge exists not in the security of the cloud itself, but in policies and technologies for security and control of the technology. Although most enterprises are familiar with cloud, or at least the idea of cloud, misconceptions and misunderstandings about what the technology can offer are pervasive.

“Cloud computing remains hyped and widely misunderstood,” said Jay Heiser, research vice president. “Ambiguity about what cloud computing actually delivers to an organization is compounded by a variety of real and imagined concerns about the security and control implications of different cloud models.”

Read More: Why CIOs Still Need a Cloud Strategy

It can be difficult to see the future of any technology, but Mr. Heiser gathered Gartner predictions for the future of cloud security.

Through 2020, public cloud infrastructure as a service (IaaS) workloads will suffer at least 60% fewer security incidents than those in traditional data centers.

Gartner concluded that the security posture of major cloud providers is as good as or better than most enterprise data centers and security should no longer be considered a primary inhibitor to the adoption of public cloud services. However, it is not as simple as moving on-premises workloads to the cloud, and security teams should look to leverage the programmatic infrastructure of public cloud IaaS. Automating as much of the process as possible will remove the potential for human error — generally responsible for successful security attacks. Enterprise data centers could also be automated, but usually don’t offer the programmatic infrastructure required.

Exploiting IaaS infrastructure will have a slow adoption rate, and not all IaaSD providers support public cloud IaaS. Security and risk management leaders should utilize the cloud IaaS provider’s native security capabilities and integrate application security testing and other vulnerability scanning capabilities into the deployment cycle.

By 2018, the 60% of enterprises that implement appropriate cloud visibility and control tools will experience one-third fewer security failures.

Placing workloads in the cloud does not require a security trade-off. In fact, IaaS cloud providers offer features to ensure users have access only to the information they need and also track all the “who, what, when, where” details. Enterprises actually benefit from the security built into the cloud.

Read More: Why Cloud Security Is Everyone’s Business

Cloud computing does reduce the overall security scope, and it does require customers to manage some of the computing stack in a shared-responsibility model. This is a good opportunity for new types of approaches and new method adoption to protect information. The cloud will require a different approach to security; on-premises security habits and designs won’t work well for information stored in the cloud.

Security and risk-management leaders need to advise and educate their teams and the infrastructure and operations (I&O) teams about native visibility and control features offered by cloud providers. Look into cloud-aware tools to improve visibility so day-to-day security rests with the security and I&O teams, instead of the developers.

Get Smarter

Client Research
Gartner clients can view all five cloud security predictions for 2017 in Predicts 2017: Cloud Security. This research is part of the Gartner Special Report “Predicts 2017: Lead, Follow, or Get Out of the Way: A Gartner Trend Insight Report,” a collection of research that focuses on predictions that enable companies to plan strategically for both expected and unexpected change.

Gartner Events
Data center issues and IT operations will be further discussed at the Gartner IT Infrastructure, Operations & Data Center Summits 2017 in Sao Paulo, Brazil, Mumbai, India, Sydney, Australia, and at the Gartner Data Center, Infrastructure and Operations Management Summit in London and Las Vegas. Follow news and updates from these events on Twitter using #GartnerDC.

These topics will also be discussed at the Gartner IT Operations Strategies & Solutions Summit 2017 taking place May 8-10 in Orlando and at the Gartner IT Infrastructure & Operations Management Summit 2017, June 12-13 in Frankfurt, Germany. Follow news and updates from these events on Twitter using #GartnerIOM.

Digital Risk & Security Hub
Visit the Gartner Digital Risk & Security hub for complimentary research and webinars.

You may also like
Identity and Access Management in the Digital Age
Could You Mitigate a DDoS Attack?
5 Trends in Cybersecurity for 2017 and 2018
7 Top Security Predictions for 2017