Cloud Migration Fuels Security Concerns
While most mission-critical enterprise data and applications remain on-premise, these workloads are inexorably moving to the cloud. Forrester Research estimates global cloud services are growing at an annual rate of 30 percent.
As the enterprise shift to the cloud gathers momentum—Forrester forecasts the global cloud services market will reach $236 billion by 2020—the cloud security market is also expanding in parallel. The market researcher pegs the global cloud security sector at $3.5 billion by 2021. That works out to a healthy 28 percent annual growth rate over the next five years.
"Securing data and applications that reside in the cloud is increasingly critical as more mission-critical apps and high-value data and intellectual property move to the cloud," Jennifer Adams, a Forrester analyst, noted in a recent blog post. "Traditional perimeter-based security tools do little to protect cloud workloads."
In response, some security vendors are pitching cloud-native approaches they claim offer more protection for, as an example, sensitive databases.
Those warnings along with a seemingly endless series of high-profile hacks and malware exploits have heightened concerns about cloud security and the need to "bake" security into IT infrastructure.
In the meantime, overall security software spending is forecast to grow by 10 percent over the next year. Forrester reckons 2016 global spending reached $24 billion. The market analyst identified four areas where security spending is currently focused: cloud security gateways, centralized cloud security management, hypervisor security and hardening infrastructure and platform services.
Growing awareness about cloud security has prompted large IT infrastructure players such as Cisco Systems (NASDAQ: CSCO), Hewlett Packard Enterprise (NYSE: HPE) and Microsoft NASDAQ: MSFT) to acquire cloud security startups. For example, Cisco acquired Cloudlock in August 2016 for $293 million.
"These well-funded new entrants will help drive growth by incorporating cloud security solutions into their overall product offering," Adams noted.
Indeed, there is no shortage of security tools emerging as malware and ransonware attacks like WannaCry quickly spread across the globe. Software security concerns also have been heightened by a software supply chain rife with security vulnerabilities and outdated, unpatched versions of widely used software components.
Along with a buggy software supply chain, another emerging vulnerability is cloud-based databases. Cloud security vendor RedLock reports finding that standard security practices such as keeping sensitive databases on-premise are being largely ignored. The vendor found that 31 percent of databases hosted in public clouds were accepting "inbound connection requests" from the Internet. Making matters worse, RedLock said 93 percent of public cloud platforms allowed unrestricted outbound traffic.
That "could potentially enable attackers to make off with sensitive data without the affected company even knowing," the company warned.
The security vendor further argues that the ephemeral nature of cloud workloads—an average of only 127 minutes, it reported—adds to the public cloud security challenge.
Then there are organizational issues: "Various lines of business continue to adopt public cloud services in their own silos, opening up security and compliance blind spots," RedLock added.