A Cynic’s View of 2015 Security Predictions - Part 2

Every year those in the security industry are bombarded with various cyber security predictions. There’s the good, the bad and the ugly. Some predictions are fairly groundbreaking, while others are just recycled from previous years—that’s allowed of course if the threats still stand.

In part one of my predictions I looked at the malware threats, so let’s take a look at big data and the cloud for part two.

The predictions made by the security community for 2015 related to “big data” and “cloud” were common—but notable for their lack of detail. It’s almost like unwilling commentators were told to come up with a top-five or top-ten predictions for the year and that they must include something about both of them.

The term big data has been adopted with a voracious appetite by vendor marketing teams. Five years ago, as you trudged around the annual RSA USA event halls, you’d have encountered only a handful of vendors offering specialized enterprise-level security solutions. In 2014 it was difficult to find a vendor booth that didn’t mention it (albeit with little understanding of what it meant in reality).

As far as predictions for big data went, the common perspective was that big data will become more important, that the existing Security Information and Event Management (SIEM) market will have to reinvent itself in light of the overwhelming volume of data, and that machine learning was the key to extracting value from the caches of security logs now being collected.

Is big data a cure?

A lot of people are placing large bets on big data being a cure for many of the threats we face today. There’s almost a religious fervour to the movement as new companies and products are springing up on what appears to be a weekly basis. A sizable fraction of the newest and most interesting companies have been spawned out of university incubators and are backed by an entourage of recent PhD candidates along with their latest machine learning papers.

Adding scientific rigor to the process of combating cyber threats is good news, but only a handful will manage to survive the next couple of years. We can hope that the best ideas and most successful inventions will be acquired and absorbed into the suites of the larger vendors—because there is little scope for the majority of enterprise security teams to deploy and manage these complex widgets independently.

Looking to the future

When people discuss big data they cannot help but cluster it with discussions of ‘the cloud’. In many ways the cloud has attained a degree of mysticism that even a technophobe could appreciate. The cloud is infinite; everything will be alright in the cloud (hmm).

Predictions for the cloud in 2015 can be best summed up as, “It’ll get hacked”. Well, to be more precise, at least one of the major cloud providers will be hacked and woe betide anyone who’s dependent upon the cloud to host their business.

Now, as predictions go, it’s worth pointing out that for all the reasons legitimate businesses move operations and tasks to the cloud, so too have the bad guys. Ergo the cloud is already a hotbed for hacking—both as a target and as a source.

If the predictions were more specific—such as a major cloud provider will be hacked and all the data of their customers will be irretrievably lost—then I’d have to say that is highly unlikely.

The caveat being that, as a business operating within the major cloud provider, your own hacked credentials weren’t used against you to delete everything (including the backups that you unfortunately also stored in the same cloud). Don’t laugh—this has happened numerous times in the past, and several of those businesses no longer exist.

By Gunter Ollmann, CTO, Security (Cloud and Enterprise) at Microsoft
