In the past year, a growing number of organizations have come to realize that it's impossible to create a corporate environment hermetically sealed from the cloud. Still, many financial services companies may be surprised at the extent of cloud adoption: The average firm uses 844 cloud services. This march to the cloud has largely been led by employees, as opposed to IT, leading us to label 2014 "the year of the user."
Though there have been strong indicators of a maturing cloud economy, security controls still lag behind. As ongoing security vulnerabilities approach a boiling point, we can't help but expect another wakeup call in 2015. A head-in-the-sand status quo is no longer feasible. By this time next year, we will say, "2015 was the tipping point toward a proactive and secure enablement of cloud services."
1. Hackers conduct a ransomware attack against a cloud service
As cloud services accumulate sensitive corporate data, they become higher-profile targets for sophisticated attacks. Dyre set a precedent as a complex malware aimed at an enterprise cloud service, Salesforce. In a sign that "the cloud has arrived" as a destination for critical corporate data, the trend will continue with a ransomware attack against a cloud service.
2. A major cyberattack targets the Internet of Things (IoT)
Consumer applications like wearables and home automation get much of the press, but Internet-enabled sensors and actuators are quietly making their way into critical infrastructure ranging from jet engines to power plants. Cyberattacks are increasingly driven by criminal organizations seeking to extort a ransom, along with terrorist and state-backed groups seeking to cripple their adversaries. Expect a major attack on the IoT in 2015.
3. Consumer cloud services make a determined and successful foray to penetrate the enterprise
If 2014 was the "year of the user," expect consumer technology companies to make 2015 the "year of the enterprise" as they seek revenue and profits. Employees lead the way when it comes to cloud adoption, creating a demand for enterprise versions of consumer applications. More cloud service providers will join the likes of Facebook and Dropbox in their push into the enterprise.
4. Big data comes to security's rescue; security analyst becomes the new data scientist on job boards
In the face of sophisticated attacks and multiplying vectors of vulnerability, security teams are increasingly relying on big data analytics to identify attacks and protect corporate assets. Advancements in machine learning give security teams the firepower to monitor infection and data exfiltration attempts. Calling all number crunchers: Now is a good time to consider a career in cyber security.
5. The transition from data centers to public IaaS reaches a tipping point
Companies are aware of the productivity, agility, and collaboration benefits that cloud services offer, but they have stuck to the private data center path. The key factors in the tipping point toward public IaaS? Improved auditing and visibility; security and administration controls from enterprise-ready IaaS providers like Amazon, Google, and Microsoft; a recognition that enterprise-ready IaaS providers have better security investments than private data centers; and the accelerating march of targeted cyberattacks laying waste to the "my mattress is safer than Fort Knox" mindset will remove inhibitions to use public cloud computing platforms for those reluctant organizations.
6. The CEO and CISO become BFFs
As demonstrated by the Target breach fallout, the CEO is also being held accountable for security breaches. CEOs will develop closer relationships with the CISOs, whether it's in negotiating security budgets, managing risk, or briefing the board of directors. Look for these two to be attached at the hip around the halls of your local Fortune 2000 company.
7. The percentage of cloud services that satisfy proposed EU regulations doubles -- from 1% to 2%
The vast majority of cloud services will remain in violation of EU Data Protection Directive requirements. Whether it's the right to be forgotten, breach notification, or data residency, most cloud service providers are hard-pressed to comply with the proposed requirements. Don't be surprised if the EU delays or waters down these proposed regulations.
8. Businesses accept shadow IT as just IT
It's time shadow IT lost the pejorative. Businesses will come to terms with a new definition of shadow IT: tools employees need that the IT organization is not providing. This marks one small step for the worker who already uses cloud services to get his or her job done, but it's one giant leap for the cloud economy.
9. Cloud services win the security debate versus on-premises apps
Organizations will finally move their data "crown jewels" to the cloud in recognition of robust security capabilities from enterprise-ready cloud services such as Workday, Salesforce, and ServiceNow. Companies can no longer ignore the unparalleled investments in security by top-tier cloud providers and third-party cloud security vendors. This game is over, and the cloud is the victor.