Security is on every business and IT decision maker’s mind – and with the average cost of a breach estimated to be $4 million and 63 per cent of cyber security professionals anticipating a successful cyberattack on their organisation in the next year, who can blame them?
More specifically, with the UK cloud adoption rate now at 88 per cent, cloud security is the big challenge to get right. As the frequency, sophistication, and diversity of global threats continue to increase, businesses need to be able to implement new security controls as quickly as they launch new cloud services. Otherwise, they risk losing the very advantages they moved to the cloud for in the first place. Perhaps not too surprisingly, however, the answer to cloud security concerns may be in the cloud as well.
From legacy to cloud security
The traditional approach to security used to be to buy and deploy third-party security software and then hire in-house security staff to manage and maintain it. But the flexibility of the cloud and its use of integrated services make securing it different from securing on-premise applications, workloads and data. It requires investing in different tools, implementing new processes and finding staff with the right expertise. The business economics of the traditional approach therefore no longer apply to organisations now utilising cloud or hybrid environments.
Having a well-thought-out security strategy upfront is key to getting cloud innovation right. Security solutions built for cloud can bring benefits for businesses – as opposed to using legacy on-premises security solutions that will slow down cloud deployments. An eBook recently commissioned by Alert Logic summarises some of the key benefits of taking a Security-as-a-Service approach:
Avoid huge CapEx and OpEx costs: As with other cloud solutions, Security-as-a-Service doesn’t require organisations to invest upfront in expensive hardware or software packages; instead, it’s based on a monthly subscription billing model. Very often the ongoing OpEx costs are lowered as functions such as patching, tuning and configuration can be completed automatically with a fully managed Security-as-a-Service deployment.
Faster returns on security investments: As well as money, a legacy approach to security also requires a lot of upfront investment in the form of time. Security-as-a-Service allows organisations to launch security solutions faster and quickly adapt to changing regulations and industry requirements.
Keeping up with the cloud: The speed and frequency of cloud deployments require a security solution that is capable of keeping pace with them. For cloud security, this means being able to scale rapidly, quickly scan for vulnerabilities during building, testing and production, and deploy new environments on short notice – all capabilities that legacy approaches to security are unsuited to.
There’s a clear speed-to-market advantage in using a cloud-based Security-as-a-Service model – it means you can keep in step with your changing environment as you spin up and add virtual machines to it. Running updates with a managed security solution also means that you’re reducing your risk in an ever-evolving threat landscape at a rate you can’t achieve with an on-premise deployment. This also positively impacts your core business, as the last thing you want is your new solution to be delayed by a security system that can’t keep up. However, it’s not just the technology that needs to keep pace, it’s the people as well.
People = security & expertise
In Alert Logic’s Cybersecurity Trends: 2017 Spotlight Report, 56 per cent of security professionals cited the lack of skilled employees as the biggest obstacle to stronger cybersecurity. The size of today’s cybersecurity landscape should not be underestimated. In-house teams are inundated with thousands of threat alerts on a daily basis. Ensuring security systems are fully integrated and compatible between different components and elements of your IT environment is a time-consuming management task.
The task of staying updated alone is difficult to manage as it can include: firmware, patching, firewalls, scans, etc. All of this can lead to internal teams simply being in a constant update cycle, without being able to invest time in investigating and understanding the threat landscape. This is important because, if in-house teams are constantly only reacting to threats or simply maintaining systems, they won’t be able to actually understand and invest in protecting against future threats and reduce the risk of an attack.
What’s more, if a cloud environment and products are constantly changing and growing, how can a business recruit and train IT staff to keep up to speed, when every new security software release brings new functionality and requires new skills? Ultimately, security ends up being a skills and numbers game.
Partnering with a dedicated cloud or managed security provider gives you access to a team of security specialists. Because their customer base spans multiple industries, they have a greater overview of and insight into the wider security landscape, which positions them to fully understand and counter likely future threats. And with not just cybersecurity threats but also the regulatory landscape constantly changing, and the General Data Protection Regulation (GDPR) less than a year away, it’s vital to have access to people with the right expertise and who, quite frankly, know their stuff.
Ultimately, taking a legacy approach to security in a cloud environment is difficult and is the reason why many organisations are opting for fully managed, cloud-based Security-as-a-Service solutions. It’s expensive to do internally, harder to manage the changes needed and difficult to hire and retain the people with the skills to keep up to date with the evolving threat landscape. Using managed cloud and security partners can keep environments more secure because they have a wider reach and scope to investigate, more dedicated resources and professionals to stay abreast of industry developments, and can build changes into their as-a-Service systems much quicker – ensuring businesses can focus on business growth, confident in the knowledge of having the appropriate safeguards in place.
Gary Smallman, Director of Operations, Navisite Europe