Anurag Kahol, Founder/CTO of Bitglass sees 2017 as a hallmark year for security in the enterprise as all industries have reached a tipping point with respect to cloud and mobile adoption, forcing more and more data beyond the corporate firewall. Over 100 IT executives weighed in on their plans for 2017 in our latest survey; buried among the responses, we identified four trends that are expected to drive demand for data security in the next year.
Many organizations are now cloud first or cloud only
Cloud adoption has exploded in the last two years, from 15% in 2014 to 39% in 2015. In 2016, deployments of cloud productivity apps like Microsoft Office 365 and Google G Suite topped 59%. When organizations look to deploy a new application, it’s often a cloud app because they offer a cost advantage, more flexibility, and are much easier for IT teams to maintain and manage.
Of the few enterprises that aren’t yet cloud, many already have a plan in place for migrating from premises-based apps. The leading concern for these holdouts is data security. How can they protect sensitive corporate data where they no longer control the application infrastructure or endpoint devices? There is increasing demand from security pros for solutions that meet a broad scope of security and compliance requirements, from cloud encryption to access controls.
Fragmented app security
Among the requirements many organizations have for the cloud are a set of security capabilities that provide the visibility and control they require for regulatory or internal compliance. Unfortunately, different apps have different capabilities. While an app like Office 365 may scan for malware and provide some visibility capabilities, other cloud apps like Slack have much more rudimentary security features.
To deal with fragmented native app security, many have turned to cloud access security brokers (CASBs) for a consistent set of policy and control capabilities – everything from DLP to cloud encryption – that work across all cloud apps. Demand for cross-app security will become increasingly important in 2017 as more premises applications are phased out in favor of equally capable, more flexible cloud apps.
Demand for mobile
As data moves into the cloud, much of it will eventually find its way onto mobile devices that are at high risk of loss or theft. Data leakage is a very real threat and a top concern for infosec professionals. Whether in healthcare, financial services, or life sciences, employees want more flexibility in the ways they access corporate data, the tools they use to collaborate, and the devices they carry. Many physicians, for example, use personal mobile devices to access sensitive patient information. Oftentimes IT has no choice but to allow access, a gap in security that can result in a costly breach.
Our survey revealed that one in four organizations see unmanaged device controls as a top priority for the coming year, more than any other security capability, simply because demand for BYOD is so pervasive.
On any smartphone or laptop, you’re bound to find a great deal of personal information – bank logins, personal email, location data, and more. But privacy is not only an issue with mobile, it’s also a challenge on laptops and desktops, where employees want to access corporate data and collaborate, but also occasionally need to conduct personal affairs. Organizations that try to block every personal application or track all of an employee’s behavior on a personal mobile device will face pushback.
As much as mobile will continue to drive demand for data security, in 2017, privacy will drive demand for a new class of security solutions that respect end-user privacy. By focusing on securing corporate data in system of record SaaS apps like Office 365 and G Suite, IT leaders can strike a balance between privacy and security that is easily rolled out across the organization and meets compliance requirements.
Data protection is now top of mind for CIOs and CISOs because of the growing frequency of breaches, the high costs associated with data leakage, and cloud compliance mandates. There’s no question that security needs are evolving as enterprises adopt a cloud-first, mobile-first strategy and that these needs will become an even greater focus in 2017. In the months ahead, keep an eye on CASB adoption, widely expected to be the leading class of solutions for comprehensive data security. And lastly, watch the mobile security space as organizations transition from mobile device management (MDM) to agentless, data-centric solutions that respect user privacy.