This presentation, including any supporting materials, is owned by Gartner, Inc. and/or its affiliates and is for the sole use of the intended Gartner audience or other authorized recipients. This presentation may contain information that is confidential, proprietary or otherwise legally protected, and it may not be further copied, distributed or publicly displayed without the express written permission of Gartner, Inc. or its affiliates. 2011 Gartner, Inc. and/or its affiliates. All rights reserved.

Felix Enescu

Cloud Security Trends Hype Cycle 2012

Hype Cycle Methodolgy

1

Hype Cycle for Cloud Security, 2012

Priority Matrix for Cloud Security, 2012

Three Styles of Securing Public/Private Cloud

Public Cloud

Private Cloud

Low Medium High

Security built into VM is used

Accept vendor security claims

Third-party security running on VM is used

Certification/ accreditation of system

Security is performed outside the VM

Security product certification

Security built into cloud is used

SAS 70 sufficient

Third-party security running in cloud is used

Custom/industry security assessment

Security is performed outside the cloud

No trust of the cloud

Security "Pressure"

Trust of the Cloud

Use Security Built Into the Cloud

Public Cloud

- Certification/assessment

SAS 70 is minimum gate, ISO 27001, FISMA

Community standards/shared assessments

- Security overlays

Private Cloud

- Virtualization infrastructure security features/acquisitions

- Common Criteria certification

Use Security Running in Cloud

Public Cloud

- Security workloads

- Native cloud security breakthroughs

- Hybrid models

Private Cloud

- Virtualized security products

- Separation of duties

Keep Security Separate From the Cloud

Public Cloud

- Security as a service

- Security in the "other" Cloud telecom

- Trusted intermediaries

Private Cloud

- VMsafe API, other externalization approaches

- Virtual network integration

This presentation, including any supporting materials, is owned by Gartner, Inc. and/or its affiliates and is for the sole use of the intended Gartner audience or other authorized recipients. This presentation may contain information that is confidential, proprietary or otherwise legally protected, and it may not be further copied, distributed or publicly displayed without the express written permission of Gartner, Inc. or its affiliates. 2011 Gartner, Inc. and/or its affiliates. All rights reserved.

Felix Enescu

Cloud Security Trends Hype Cycle 2012

This presentation, including any supporting materials, is owned by Gartner, Inc. and/or its affiliates and is for the sole use of the intended Gartner audience or other authorized recipients. This presentation may contain information that is confidential, proprietary or otherwise legally protected, and it may not be further copied, distributed or publicly displayed without the express written permission of Gartner, Inc. or its affiliates. 2011 Gartner, Inc. and/or its affiliates. All rights reserved.

Felix Enescu

Cloud Security Trends Hype Cycle 2012