The protection of essential workloads and applications from cybersecurity threats has traditionally been managed in-house by enterprise IT teams. It has typically consisted of installing appliances at places in the overall IT set-up that appear most vulnerable to attack. Given the complexity of today’s multi-cloud strategies and the changing nature of the threat landscape, that’s a bit like guarding against the risk of a flood with barbed wire.
It’s not that barbed wire doesn’t have its uses. It’s more that protection needs to be correctly aligned with the nature of what it’s protecting against, and that is increasingly not the case. A global economy that is now reliant on cloud needs security to match. It needs security that is designed to mirror the high elasticity of cloud environments, offering capacity can scale up or down dynamically based on needs. This may be why many organisations are now considering cloud-delivered security or cloud-delivered threat intelligence, in other words security technology that’s designed to protect critical infrastructure, applications and data in the cloud. The job of protecting, testing, automating and analysing against cloud risk – all of that needs to become cloud native.
This might well be in the form of security-as-a-service. Cloud-delivered security of this sort introduces a measure of simplicity, with the provider of the technology responsible for updates and maintenance. It is a different cost model entirely from one that demands endless up front capital expenditure on additional appliances, replacing it with a monthly subscription.
It’s not just a matter of cost. Traditional security was simply not designed with the cloud in mind, and so stores up problems with complexity and administrative effort all while offering incomplete protection. Cloud-delivered security deals with this, and also reduces deployment time by cutting out the need to set up the kind of physical infrastructure normally associated with security and networking. Plus workers and workloads are everywhere these days, not contained within a tight perimeter. Cloud-delivered security works better in this context, being as ubiquitous as the applications it is guarding. For cybersecurity to be everywhere, it has to be delivered as a cloud-based service. Security delivered as a service also helps you to sidestep the significant skills shortage that currently bedevils IT departments looking for new cybersecurity talent.
So are there any warnings to bear in mind when considering cloud-delivered cybersecurity? Well, there are some questions that need to be got out of the way. Does the security service you have in mind have all the functionality you might need? Have you thought through the whole issue of privacy, given that you might be asking a third party to take charge of your security? Are there data residency laws in your geography that might affect your thinking? What about regulatory compliance?
The following virtual event will look at this topic in the round: https://www.netevents.org/events/enterprise-migration-to-the-cloud-getting-the-network-right/
Chaired by Fernando Montenegro, Senior Principal Analyst, Cybersecurity Infrastructure Security Intelligence Service with analyst firm Omdia, it also features the following major names:
- Haiyan Song, Executive Vice President and the Head of Security at F5
- Chad Skipper, Global Security Technologist in the Network and Advanced Security Business Group, VMware
- Sashi Jayeratnam, Senior Director of Product Management for Security Solutions, Spirent Communications