A recent report by Forrester Research entitled “Security and the Cloud” has predicted that the cloud security market will grow to $1.5 billion by 2015. The security areas that will be the main focus are data security, identify and access management, application security, and cloud governance. It is expected that organizations will invest in cloud security projects which, as Forrester analyst Jonathan Penn says, “ will create a whole new category of revenue for the security market.”
This past year, more organizations have indicated concerns about cloud security with more attention paid to this area when considering acquiring the cloud from a cloud provider. In the report, Penn noted that “tailoring solutions for the cloud is not simple and requires far more than improving scalability.” It is expected that cloud vendors will spend more time and effort educating themselves and potential customers about how cloud security works in order to alleviate security concerns. In the report, Penn notes, “many vendors do not truly understand the difference between enterprise-class and provider/carrier-class solutions.”
The report also indicates that governance, compliance, and risk, will become more organized and there will be more automated methods to compliance and governance. Penn writes in the report, “products need a range of hooks and APIs to support providers’ proprietary tools, configurable interfaces and portals, … and a change in consumption model.” As well, Identity Management (IDM) will also extend past the users of the cloud to include data, applications, and various devices. Cloud providers should include operation visibility as a fundamental focal point as well as the need to create and publish improved cloud industry standards. Penn notes, “adopting organizations need more detail and concrete assurances of operational practices—such as specifying both the control technologies and policies in place, access to system logs, and regular communication of results from security scans—rather than relying on general contract language.”
In summary, the “Security and the Cloud” report suggests that there should be a revising and improvement of all cloud hosting security standards with the understanding that not all clouds are the same so security requirements will not be the same for all clouds. It will often depend on what the customer wants and needs for their particular Cloud.