Hardening network perimeters is an essential concern for enterprises with corporate data to protect, but as businesses allow more and more access to their corporate assets through the cloud, traditional definitions of the perimeter dissolve into thin air. As privacy concerns occupy more space in public discourse and Congress addresses those concerns with new and evolving regulations, the importance of cloud security may very well take center stage in 2013.
Prediction 1: There Will Be Breaches in Cloud Security
In 2012, we saw high-profile security breaches, and 2013 will prove more of the same. This is not to say that armies of hackers are on the move; rather, mistakes happen because networks are configured by humans. These mistakes happen regularly. But, this year, a large-scale data breach that affects multiple companies will occur, like one of many we saw in 2012. This time, however, it will be at a cloud service provider. This may shine a light on the fact that companies need to take responsibility for encrypting and securing data no matter where it is being stored. This includes ensuring they are responsible for their own encryption keys and not relying on cloud providers to manage their keys for them.
Prediction 2: More and More Companies Will Sell Insurance to Cover Data in the Cloud
Data breaches can mean great financial loss. As businesses look for ways to mitigate losses in case of data breaches, companies will seek insurance to cover data in the cloud. This will give rise to this emergent area of insurance. As with any other type of insurance, prices are subject to assessment of risk. Companies with more stringent and effective security in place will be able to secure better prices. This need to check company security practices will also fuel growth in the business of cloud security audits and assessment.
Prediction 3: Congress Will Enact a National Safe-Harbor Law
When a data breach does occur, a major concern for enterprises, particular large, national and multinational corporations, is how and when to comply with requirements to notify the public of the breach. As with the safe harbor provisions in our national HIPAA and HITECH guidelines that protect companies and practitioners in the healthcare industry, Congress will need to address the same need for protection in the cloud security space that will provide safe harbor to companies that experience data breaches if they have acceptable encryption practices in place.
In conclusion, the need to keep private data private will not change, no matter how it is stored or accessed. The need for proper encryption holds true for data stored in data centers on corporate campuses or in the cloud. Addressing this need proactively will help to mitigate costly financial loss in case of a breach.
Cloud Access give you their three cloud security predictions for 2013.