From Legacy to Security-as-a-Service
This year, the UK cloud adoption rate hit 88 per cent. As the technology becomes the norm, more businesses than ever are concerned about how to secure cloud environments. The frequency, sophistication and diversity of today’s global threats mean businesses need to be able to implement new security controls as quickly as they launch new cloud services, or risk losing the very advantages they moved to the cloud for in the first place.
The right people
In Alert Logic’s Cybersecurity Trends: 2017 Spotlight Report, 56 per cent of security professionals cite the lack of skilled employees as the biggest obstacle to stronger cybersecurity, and there are currently 1 million cybersecurity jobs unfilled in the US alone. These figures lead to the question as to why it’s such a challenge to find the right people to secure modern IT infrastructures.
The traditional approach to security is to buy and deploy third-party security software and then hire in-house security staff to manage and maintain it. But the flexibility of the cloud and use of integrated services requires a different skillset from securing on-premise applications, workloads and data.
Today’s constantly changing cybersecurity landscape cannot be underestimated. In-house teams are flooded with thousands of threat alerts on a daily basis - ensuring security systems are fully integrated and compatible between different components and elements of modern, hybrid IT environments is a time-consuming management task. Just staying up to date can be a challenge.
Managing continuous updates on firmware, patching, firewalls, scans, etc. can lead to internal teams simply being in a constant update cycle, without being able to invest time investigating and understanding the evolving threat landscape. If in-house teams only have time to react to threats or simply maintain systems, they won’t be able to actually understand and invest in protecting against future threats and reduce the risk of successful attacks.
Adding to the problem of the security skills shortage is the fact that every new security software release brings new functionality which, in turn, requires new skills to manage. A core advantage of cloud environments and products is that they can quickly change and grow according to business needs. But how can businesses recruit and train IT staff to keep their security up to speed with their deployments? In the end, the first hurdle of securing your cloud environment is a people and skills challenge.
Partnering with a dedicated cloud or managed security provider gives you access to a team of security specialists. Because their customer base spans multiple industries, they have a greater overview and insight into the wider security landscape - this puts them in a better position to fully understand and counter likely future threats. And with not just the threat of cybersecurity, but also the regulatory landscape constantly changing and the General Data Protection Regulation (GDPR) less than a year away, it’s vital to have access to people with the right expertise and who, to put it simply, really know their stuff.
The right approach
A well thought out security strategy upfront is at the heart of getting cloud deployments right. Security solutions built for cloud can bring benefits for businesses – as opposed to using legacy on-premises security solutions that will slow down cloud deployments. Our recent eBook, commissioned by Alert Logic, summarises some of the key benefits of taking a Security-as-a-Service approach:
- Avoiding huge upfront costs: Security-as-a-Service doesn’t require organisations to invest upfront in expensive hardware or software packages, but is instead based on a monthly subscription billing model. Often, the internal ongoing OpEx costs are also lower as functions such as patching, tuning and configuration can be completed automatically with a fully managed Security-as-a-Service deployment.
- Faster returns on security investments: Legacy approach to security also requires a lot of upfront investment in the form of time. Security-as-a-Service allows organisations to launch security solutions faster, update automatically and quickly adapt to changing regulations and industry requirements.
- Match the pace of security to your cloud: The speed and frequency of cloud deployments require a security solution that is capable of keeping pace with it. This means having security able to scale rapidly, quickly scan for vulnerabilities during building, testing and production, and deploy new environments on short notice – all capabilities unsuited for legacy approaches to security.
Cloud-based Security-as-a-Service models allow businesses to keep in-step with changing environments as they need to spin up new systems and add virtual machines to it. Using a managed security solution also means reducing risk in an ever-evolving threat landscape at a rate not possible with an on-premise deployment. This also positively impacts your core business, as the last thing you want is your new solution to be delayed by is a security system that can’t keep up.
Taking a legacy approach to security in a cloud environment is difficult. It’s expensive to do internally, harder to manage the changes needed and difficult to hire and retain the people with the skills to keep up to date with the evolving threat landscape. Using managed cloud and security partners keeps environments more secure, as they have a broader overview of the wider industry and scope to investigate. This means they’re not getting stuck on handling the day-to-day but have the capacity to build changes into their as-a-Service systems much quicker to counter the evolving threat, in turn helping in-house IT teams focus on business’ growth.
For more information about the economics of cloud security, download our New Economics of Cloud Security report, created in conjunction with our managed security partner, Alert Logic. You can also see Alert Logic’s full Cybersecurity Trends: 2017 Spotlight Report for an overview of the cybersecurity landscape in the UK, Benelux and the Nordics.