Three Major Developments That Will Change Cloud Security In 2018

February 28, 2018 Off By Hoofer

Written by Tim Mullahy

The cloud is constantly changing – both for better and for worse – as is its security landscape. Here are just a few of the big trends we’ll see this year.

While some fear-mongers in the media might have you believe otherwise, the cloud is actually quite secure – in some cases, even moreso than traditional infrastructure. That isn’t to say there aren’t still challenges, mind you. The cloud’s cybersecurity profile and threat landscape are constantly (and rapidly) changing.

New threats are constantly on the rise, with security experts constantly puzzling over new problems and challenges. Today, we’re going to talk about just a few of the developments we can expect to see in 2018, for better and for worse.

Better Regulations Around ERP Apps

A good Enterprise Resource Planning app can do a lot to simplify workloads and reduce overhead. The main issue is when those ERP apps are hosted in the cloud – as they often are. The issue, according to the Cloud Security Alliance, is that when the workloads for ERP are hosted in the cloud rather than an on premises data center, both the enterprise and the vendor share responsibility for keeping ERP data safe.

To that end, the CSA – an agency responsible for driving forward many of the current security standards and regulations in cloud computing – has published a paper titled The State of ERP (Enterprise Resource Planning) Security In The Cloud. This will likely be the first of many papers discussing the issue, and the end result is likely to be a more robust, comprehensive set of standards and regulations for ERP providers. Given how many of the world’s largest organizations currently use Cloud ERP, this is definitely something to watch.

The Challenge of IoT

"We finally just got cloud security right," laments InfoWorld’s David Linthicum, "and now we’re screwing it up with new thermostats and copiers that make all that good security worthless."

He’s not wrong. As the Internet of Things grows more pervasive, so too do the security risks it represents. See, most IoT devices have downright abysmal security – they were created by device vendors, not cybersecurity experts.

That means they’re easily hacked, and can be used as a springboard to access anything they’re connected to. That’s a problem for more than just the cloud, of course. But the cloud is inarguably going to form much of the technological backbone for IoT.

Not only will cloud platforms be invaluable for provisioning updates and reducing computing demands, they’ll also serve an important role in data analysis and endpoint management. This also means that they may be vulnerable to the security shortcomings of said endpoints, however.  

"This is going to be a huge issue in 2018 and 2019; many companies will need to get burned before they take corrective action," continues Linthicum. "The corrective action for this is obvious: If the IoT device-no matter what it is-cannot provide the same level of security as your public cloud provider or have security systems enabled that you trust, it should not be used."

Criminals in the Cloud

By now, the cloud has officially reached maturity. Everyone is aware of the value it brings to enterprise, and more organizations than ever are looking into IaaS, PaaS, SaaS, and more. Unfortunately, this is a trend of which criminals are keenly aware, as well – and in 2018, their techniques are likely to grow more advanced than ever.

Already in 2017, we saw the advent of cloud-based malware and ransomware. Moving forward, such threats are likely to grow more prevalent. Security guidelines for both private and public clouds are thus more important than ever, and it’s imperative that your business implements a cloud decision model to identify and address potential risks.


About the Author

Tim Mullahy is the Executive Vice President and Managing Director at Liberty Center One, a new breed of data center located in Royal Oak, MI. Tim has a demonstrated history of working in the information technology and services industry.