Cybersecurity is the fastest-growing security market ever, and 2015 was a pivotal year in many respects. I recently sat down with Gil Zimmermann, CloudLock’s CEO, to reflect on the monumental market growth we’ve seen to date, and get his thoughts on where everything is headed as we move into 2016 and beyond.
Long Blog Post Ahead!
Low on Time? Get a FREE Cloud Security Assessment Now
To what driving forces would you attribute the exponential growth we’ve seen in the cloud security space?
Organizations are experiencing a very unique, hyperscale amalgam of sea changes all at once, each one representing a huge tectonic shift in IT. Each of the driving forces is overwhelmingly positive, with major rewards in the form of productivity and cost savings. But, they also raise new risks that must be addressed, and that’s where the responsibility lies. The four biggest areas of movement are:
BYOD (Bring your own Device)
We already live in a BYOD world where work is no longer a place you go each day, but a thing you do wherever you are. The days of a contained network perimeter are over. Your network now expands to wherever your users work, and therefore data, no matter the corporate intentions, is at risk.
BYON (The Network Effect)
Everyone and everything is hyper-connected these days. Information is a commodity that can and will be shared instantaneously to huge audiences. It’s no longer even just about social networks, it’s also about application networks. Everything has immeasurably higher value when it’s interconnected.
BYOA (Bring your own Apps)
The scope of shadow productivity – or shadow IT as many still refer to it as– has widened. It’s no longer contained to data being shared within applications. Users will no longer wait for IT to provide them with sanctioned productivity tools. They are accessible to be leveraged, and they will be leveraged instantly when possible.
Cloud-First Effect
The use of cloud technology has expanded beyond sanctioned subscription SaaS applications customers are buying. Organizations are now also relying on cloud for internal apps they build, and for commercial apps they take to market. The same risks and effects above apply equally across the board. Organizations are now mandating that their future IT stack be built with a cloud-first approach.
How have attitudes toward cloud security changed as a result of these driving forces?
When you look at the collective mindset before and after 2015, it’s clear that this past year was a huge inflection point along the cybersecurity timeline. Some key highlights:
Shared responsibility in the cloud is now clear.
Responsibility for security in the cloud used to be a big grey area, with many wondering which security measures fell on their shoulders, and which security measures were built-in by the cloud service providers. The smoke has finally cleared, with resounding acceptance of the shared responsibility model.
Cloud service providers are responsible for the physical, legal, operational, and infrastructural security of the technology they sell. We, as businesses and users, are responsible for the secure usage of the underlying cloud services. Creating, modifying, storing, sharing, and accessing data in the cloud, are not risky actions in and of themselves. But it’s how users decide to share, with whom, and what type of data, that ultimately determines the risk the organization is taking on by leveraging cloud.
Cloud Access Security Brokers (CASBs) now have a clear definition and purpose.
What started as a loose list of suggested capabilities became a clear-cut service with a concrete definition in 2015. Gartner coined the term CASB to describe a particular set of cloud security solutions with clear requirements to address visibility, compliance, data security, and threat protection. This was also the year we saw CASBs make the full transition from being a ‘nice-to-have’ to a 100% mandatory asset to any full-coverage cybersecurity arsenal.
People are now looking beyond the network perimeter.
Before the onset of the cloud, IT teams tended to view their organizations’ networks as walled gardens. They thought as long as the wall around the perimeter was strong enough, no bad guys could get in. Stuck in this mentality, organizations risk overlooking the fact that their garden may already have a bad seed in it, or that invasive weeds could sneak their way through the soil and under their wall from the outside.
With the ubiquity of cloud applications and the high distribution of users, it’s become much clearer that this mentality no longer applies. Beyond just employees of a given organization, you’ve got vendors, partners, consultants, etc, all with a potentially high level of connectivity to your environments. Organizations have now accepted that users are more distributed than ever, and the growing majority of data and user traffic is happening outside the perimeter and cannot be rerouted to the network.
The cloud is now widely embraced as a secure space.
Old-time “cloud security” did not focus on cloud applications, and perpetuated the no-longer-realistic idea of a solid network perimeter. Nowadays, people are favoring cloud-native security solutions that address the newly extended perimeter.
Forward thinking security professionals are realizing that investing in security that is native to the cloud – rather than just an on-premises solution hosted in the cloud – is the only way to get full coverage. Plus, organizations are finding that they can integrate cloud-native solutions with their existing on-premises security solutions, making the cloud not only a secure-enough space, but the most secure space.
Where do you see it all going from here?
Analyzing the market evolution in stages, the trajectory becomes clear. Pre-2015 was the era of single cloud protection. Organizations were looking for a tool that would protect the select cloud application or platform they were using.
Around 2015, we saw a shift toward a multi-cloud mentality. Organizations quickly standardized on SaaS, utilizing many cloud applications at once. They no longer needed a tool, but rather a product or a suite of products that could unite, monitor, and secure a multi-cloud environment.
I believe that in 2016 and beyond, we will see this demand evolve and become much more sophisticated. We are moving into the era of the cloud cybersecurity platform. We will begin to see cybersecurity solutions embedded into applications. Cloud security operations centers will fully take shape. Organizations will be able to use cloud security to elevate the functionality of their existing infrastructure. Orchestration between applications will reach new heights, with cross-platform communication and integrations that give companies unparalleled visibility and control.
Is Cybersecurity a Big Deal In Your World?
We make it easy. Request a Free Security Assessment, cost and commitment free, to uncover vulnerabilities across your entire cloud environment– SaaS, PaaS, IaaS, and IDaaS:
Expose compromised accounts, cloud-native malware, or data security violations
Validate adherence with internal or industry-governed regulations – PCI, HIPAA, FERPA, and more
Receive a business analysis, mapping findings to your organizational goals