The IT security industry has spawned an overload of vendors selling point products with their associated acronyms - from NAC, IDS, IPS and Endpoint Security to Web Gateway, Next Gen Firewall and APT.
These products are typically deployed in some on-premise configuration, which was all very well when users, corporate applications and data were behind the corporate firewall; but things are changing. The potential attack surface has expanded from the network perimeter to encompass a completely unbounded environment of personal devices, public network infrastructure, cloud applications and service providers.
Furthermore, point products tend to be difficult to integrate – resulting in a loss of control and visibility. At best, the CISO may get to see individual pieces of the security puzzle and has no choice but to adopt a reactive approach to security threats.
So, what’s the alternative? The trend towards cloud-based services reflects a fundamental shift towards truly integrated security and security policies, which can be defined and easily enforced, giving control back to the CISOs. This shift also delivers complete visibility across an organisation’s entire security posture.
As more of the applications and data that enterprises rely on are delivered by cloud-based services and accessed through personal mobile devices, the traditional on-premise approach to security is no longer adequate. However, user identities, access rights and security privileges, defined and managed through a central, policy-based cloud service, give control back to CISOs over their enterprises’ critical data.
Ultimately, CISOs will continue to demand best of breed solutions for their organisations and make a judgement on moving towards open APIs and integration frameworks. But security vendors and resellers that are unable to deliver the entire service stack, or that choose to stay specialised in delivering particular areas of functionality, will need to ensure that they can interoperate within these frameworks or face irrelevancy.
It has been said that the cost of deploying and maintaining on-premise technology is akin to an iceberg – 80 percent of the true cost lies below the waterline. Costs such as buying, operating and updating hardware, software patches, upgrades and maintenance quickly add up to dwarf the costs of the initial investment. In comparison, a fully cloud-based model delivers a total cost of ownership that can be 20 percent of the comparable legacy on-premise approach.
However, with all that said, the shift to integrated cloud-based security services won’t happen overnight and there will certainly be many organisations that choose to implement a hybrid cloud/on-premise model.
However, the fact remains that 2015 may prove a tipping point. We are seeing a sharp shift towards the channel delivering cloud services, and security is next on the list. Those companies still offering only on-premise solutions need to look beyond the box, for there may be a time when the cloud will become the predominant way in which enterprises keep their critical infrastructure, data and people protected.
Paul Lipman, CEO at iSheriff