Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

6/16/2017
03:40 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Forrester: Rapid Cloud Adoption Drives Demand for Security Tools

Cloud services revenue is poised to skyrocket from $114 billion in 2016 to $236 billion by 2020, driving the market for products to secure data in the cloud.

The global cloud services market is poised to skyrocket from $114 billion in 2016 to $236 billion by 2020. Its rapid growth is driving the market for cloud security tools, which will increase from $1 billion in 2016 to $3.5 billion in 2021.

Researchers at Forrester recently published the Cloud Security Solutions Forecast, which includes predictions of how the market for products like cloud access security brokers (CASBs), centralized cloud security management (CCSM), hypervisor security, and infrastructure-as-a-service and platform-as-a-service will grow over the next five years.

Businesses are moving more analytics and core businesses applications to the public cloud, driven by the flexibility it provides. While public cloud providers run data centers more efficiently and securely than tech managers would, cloud security is still a major concern.

Traditional security tools aren't enough to monitor data moving to and from the cloud, and between cloud platforms. Forrester found the cloud security market will grow 28% each year from 2016 to 2021 as the cloud grows in complexity and more security is needed.

Andras Cser, vice president and principal analyst for security and risk management at Forrester, says there are two key elements increasing cloud complexity. The cloud is a changing and moving target to secure, for one, and on-premise technologies aren't as effective in the cloud.

Public, private, and hybrid cloud all coexist and serve different needs and applications, the report states. More people are using sanctioned and unsanctioned cloud applications, sending data inside and outside the organization.

"Shadow IT causes a lot of concern," says Cser. Businesses are worried about the complications of monitoring data in the cloud. "If you don't understand what applications you're using, and the data in those applications, you can't understand the risks."

Data security is one of the top drivers of cloud security spend, especially the complications of monitoring data across cloud applications. Other factors include conversion from on-premise to hybrid cloud, data loss prevention, identity and access management, and compliance.

"There's a lot more concern around data security," he explains. "Companies are showing markedly more interest. Breaches are increasing, and we've seen a lot of internal security guidelines becoming more stringent."

Businesses are also recognizing a lack of good key management among cloud providers, he says. As a result, they're willing to spend more money, resources, and time on management. Many are realizing the need to automate security as they move workloads to the cloud.

Black Hat USA returns to the fabulous Mandalay Bay in Las Vegas, Nevada, July 22-27, 2017. Click for information on the conference schedule and to register.

Forrester found the growth of software-as-a-service (SaaS) as slowed, but infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) are both seeing aggressive growth. More than 50% of security leaders are worried about the risk of SaaS, PaaS, IaaS, and virtualization in the data center.

More businesses are using multiple IaaS cloud providers as individual providers don't offer cross-platform security support, the report explains. For example, for AWS users, it's not easy to enable centralized security management for workloads in clouds outside AWS.

About half of security leaders prefer to use third-party security vendors to protect their SaaS and IaaS operations. Forrester found that many believe if the cloud provider gets hacked, their data is useless to hackers who have no access to the encryption keys.

"In the last two years, native IaaS and PaaS security have become an increasingly important part of the cloud security ecosystem," says Jennifer Adams, Forrester senior forecast analyst focusing on business technology and ecommerce. This is the first time IaaS and PaaS have been included in this forecast, she says, and they make up the report's fastest-growing segment.

It's worth noting that cloud tools aren't enough to fully defend against security problems.

"Solutions and technical capabilities won't solve all the problems by themselves," says Cser, noting that people and processes are also important. Technology aside, security teams must think about governance, training, communication, recertification, and vendor selection.

"I think it's improving, and people are recognizing many areas may be falling short of requirements," he continues. Cser advises businesses to take steps toward cloud security with privileged identity management, risk assessments, and data classification and discovery.

Related Content:

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Lessons from the NSA: Know Your Assets
Robert Lemos, Contributing Writer,  12/12/2019
4 Tips to Run Fast in the Face of Digital Transformation
Shane Buckley, President & Chief Operating Officer, Gigamon,  12/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5252
PUBLISHED: 2019-12-14
There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.
CVE-2019-5235
PUBLISHED: 2019-12-14
Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.
CVE-2019-5264
PUBLISHED: 2019-12-13
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition...
CVE-2019-5277
PUBLISHED: 2019-12-13
Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation.
CVE-2019-5254
PUBLISHED: 2019-12-13
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who logs in to the board m...