Well-Architected Frameworks for Cloud Service Providers (CSP)

 CSPs now have created thought leadership for architecting cloud-based workloads:

Amazon (AWS): https://docs.aws.amazon.com/wellarchitected/latest/framework/wellarchitected-framework.pdf

Microsoft Azure: https://azure.microsoft.com/en-us/blog/introducing-the-microsoft-azure-wellarchitected-framework/

Google (GCP): https://cloud.google.com/architecture/framework

Oracle (OCI): https://www.oracle.com/cloud/architecture-center.html

Cloud Visibility

With more organizations going to the cloud, with shadow IT, and with GDPR requirements cloud visibility seems to be the latest fad....

Microsoft & Amazon picked up on this several years ago, thus Azure Info Protection (AIP) and AWS Macie but, that does not cover them together or Google / Salesforce / Rackpsace.

So, expect this area to gain traction for several more years...

Smart Home / IoT, Threat & Vulnerability Management (TVM) & B2C Delineation for Vendors

As the smart home becomes a reality (https://www.theverge.com/2017/12/20/16799918/homekit-vulnerability-details) so does the need to monitor & patch said smart home.

But, who from a vendor standpoint will own that market / responsibility (ISPs, Utilities, Alarm / Physical Security, AV software vendors, separate vendors: Amazon / Apple / Google / Staples: Geek Squad, B2C MSSPs / SOCs)?

The answer will vary depending on the jurisdiction / age of the house, though this wrestling match is sure to come.

So, wait & see how this shakes out, because change is coming for sure.

IoT Architectures & Solution Providers

As IoT gains steam towards critical mass & orgs look to embrace it, mgmt. must ask how to deploy it properly (e.g., design patterns: http://www.internet-of-things-research.eu/pdf/Converging_Technologies_for_Smart_Environments_and_Integrated_Ecosystems_IERC_Book_Open_Access_2013.pdf) & whom to leverage for SME-based services.

Amazon, Microsoft, & Cisco (among others) have now rolled out IoT mgmt. svcs; so, who to use?

Well, if an org has a considerable investment in one of these providers then go ahead & continue on.  But, if not, the question begs who do we leverage for authentication?  If an org has Cisco ISE deployed already, then leverage that.  Otherwise, stay w/ a cloud solution.