As we begin 2014, we have the opportunity to review the past and look to the future. Here at CloudPassage we talk to organizations implementing cloud computing every day, and we have designed our security solutions to address these cloud environments. So what do we predict for the new year? Here are our 5 cloud predictions for 2014:
1. Cloud First for New Applications: We’ll see a significant increase in the number of companies that will rely on the cloud for new applications. As we talk with our customers, we are seeing more companies that are relying on Infrastructure-as-a-Service (IaaS) infrastructure for new application development and hosting. Also in our 2013 survey, almost 40% of companies using the public cloud are deploying all of their new applications in the cloud. (View the blog post on these survey results.) This will continue to grow as cloud platforms include more enterprise features and businesses become more aware of purpose-built cloud security options.
2. Concerns with Security: This is the dichotomy of cloud. While the vast majority of organizations have deployed cloud computing in some form, those that don’t make the move to cloud make that choice because of security. Every survey conducted over the past two years (e.g. surveys by 451 Research, CloudPassage and IDG Enterprise) reflects that security is the primary cloud adoption concern. With the number of enterprise breaches, coupled with concerns over government surveillance and state-sponsored espionage, this will likely continue in 2014. At the same time, market experts (CloudPassage included) will continue to educate this market on cloud security best practices and enterprise cloud success stories.
3. The Year of Cloud Governance: As cloud computing has now become mainstream, organizations will start developing governance of their cloud systems. In an AWS re:Invent 2013 session, Forrester Research analyst, James Staten discussed the requirements of cloud governance. (See a blog post summarizing this session.) With more dependence on the cloud, including business-critical applications, organizations will work to apply consistent policies and risk management to these environments.
4. Automation as Table Stakes: In 2013, IT automation came into its own for sys admins. DevOps became a credible job title (Indeed.com currently shows 853 jobs with “DevOps” in the title) and both Puppet Labs and Chef raised additional funding of $30M and $32M, respectively. 2014 may be the year for end-to-end IT automation, with security automation rounding out the IT automation lifecycle. While Neil MacDonald from Gartner predicts that automation for enterprise security won’t arrive until 2015, leading-edge enterprises, have been actively investing in and deploying security automation products since the beginning of 2013. (Citrix ShareFile is a great example, check out this webcast). Manual security is so unsustainable in cloud environments, security automation will likely become table stakes for cloud-enabled enterprises in 2014.
5. Heterogeneity and Portability: Although organizations will be relying more on the cloud, they will be relying less on any particular cloud platform. Cloud brokers will become more commonplace (see 451 Research report), connecting organizations to the right cloud resource to meet their needs. With this greater portability between cloud platforms, organizations will demand security and transparency guarantees in their SLAs. They must be able to know where their data is located and apply proactive security. Organizations will also demand a centralized view of security and operations this year. Security will need to run on any cloud platform as well as on any on-premise data center servers, and on-premise security operations tools will need to integrate across data center and cloud platforms.
What began as a disruptive technology for both businesses and consumers, is now becoming a fundamental computing infrastructure. In 2014 we will see cloud computing mature, with organizations taking a more knowledgeable approach to cloud security, governance, and infrastructure strategy.
*Note: This post was revised January 3rd, 2013