Gartner Blog Network

The Evolution of Cloud Security

by Neil MacDonald  |  February 25, 2010  |  3 Comments

I’ve researched virtualization security as it has evolved over the past several years, and I’ve come to the conclusion that Cloud Security (which is quite similar conceptually to virtualization security to begin with) will follow the same evolution:

Phase I: Organizations are focused on how to use the Cloud securely. That’s pretty much where we most of us are now.

Phase II: We start moving some of our security controls to the Cloud. This gained traction in 2009 and will be big in 2010. For example, web security gateway functions – see the “Cloudification” section in my post on the Top Six Trends for 2010.

Phase III: Using the Cloud to do things better than we can with our own on-premises equipment. Not only because Cloud-based computing should be an inherently more secure computing model, but for using the Cloud in ways that we can’t readily do with on-premises equipment. I’d be interested in your examples in addition to a few from my list:

  • Building more accurate models and heuristics of malware and malicious activity based on broad visibility and having more computing power to perform the analysis
  • Massively parallel static analysis of source code and binaries
  • Security that roams with the user as they move among networks we don’t own or control.
  • Real-time ‘reputation services’ that correlate information across multiple logical entities simultaneously – e.g. IP addresses, user identities, URLs, email and file objects.

That’s just a few of the emerging applications I envision.

No doubt, getting our usage of cloud-based computing secure is foundational. But that’s just the beginning of what is possible.

Additional Resources

View Free, Relevant Gartner Research

Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.

Read Free Gartner Research

Category: cloud  next-generation-security-infrastructure  virtualization-security  

Tags: cloud-security  next-generation-security-infrastructure  virtualization-security  

Neil MacDonald
VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…Read Full Bio

Thoughts on The Evolution of Cloud Security

  1. Philam Osi says:

    Cloud computing is getting bigger and popular now. More and more companies are adopting it. For the security, I’m sure they already studied that long time ago. However, it could be improved more once tested..

  2. Jay Heiser says:

    I’m not at all sure that ‘they’ studied it long ago.

  3. Neil MacDonald says:

    Philam, I mostly disagree (to Jay’s point), but partially agree.

    Let me explain.

    The Cloud isn’t one thing, so securing the Cloud can’t be one thing either. In Gartner’s Cloud architecture, the upper layers of Cloud Services (like Software as a Service) – procuring secure Cloud services can build on what we already know about procuing and secuing SaaS – like We can also build on our knowledge and experience with dealing with outsourcers and how to incorporate security and SLAs into these types of offerings.

    But the Cloud is much more than this and some layers of the Cloud we have almost no experience in dealing with security – e.g. Application Platform as a Service and Infrastructure as a Service. Here, there are many alternatives and I wouldn’t agree that this is well known or well understood nor have standards of due dilligence been established.


Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.