European small- and medium-sized enterprises (SMEs) see value in security as a service and are signing up with confidence through value-added resellers (VARs), according to cloud-based security supplier iSheriff.
“Companies are being introduced to the concept by trusted partners and consequently most of their questions are around the benefits,” said John Cassidy, president, Europe, iSheriff.
“VARs are taking the concept to existing customers and offering either an on-site demonstration or proof of concept deployment,” he said.
The company claims to provide the simplest and most cost-effective way to protect devices and data from digital threats through an integrated suite of technologies.
These include web-filtering and malware protection, advanced endpoint anti-malware and application controls, antispam, and email threat prevention.
“Companies like the fact that we provide a single dashboard for managing a range of technologies with a single set of policies, which also enables better reporting and easier management,” said Cassidy.
Read more about cloud-based security services
- Mobile security software-as-a-service (SaaS) provider Lookout is betting on its cloud-based big data analytics capability to attract enterprise customers.
- The AWS Key Management Service is a good tool for cloud encryption key management.
- The first Cloud Security Spotlight Report shows broad cloud adoption and move towards workload security.
SaaS provider keeps patches current
The biggest uptake lies in organisations with 100 to 5,000 employees, that are seeking comprehensive security services without the need to invest in hardware, software and ongoing maintenance.
Security as a service includes real-time software updates, which iSheriff is doing at the rate of around six every day. This means that software is always fully patched and threat detection up to date.
The iSheriff Cloud Security Network is fully virtualised, enabling rapid datacentre expansion and scalability for customer organisations.
“Recent customers include a water authority, a port authority, an insurance company and a legal firm,” said Cassidy, who is based in Dublin, Ireland.
“We are seeing a mix of industries as well as interest from the public sector, which is increasingly required to demonstrate efficiency and transparency in all they do.”
The company is headquartered in the US, but has 25 datacentres worldwide connected to the company’s global private backbone network, with more than 1,000 points of access.
The network also enables global redundancy, routing customers to the nearest datacentre according to agreed policies.
Locally stored data and standards
“With over half our datacentres in Europe, we can assure organisations their data will be stored only in Europe,” said Cassidy. For this reason, he said being US headquartered is not a problem.
Early this month, iSheriff announced new datacentres in Switzerland, Israel, Romania, Poland, Iceland, Belgium, Austria and the Isle of Man.
Customers simply select the regions where their policies and log data are stored to comply with local data privacy regulations.
According to Cassidy, iSheriff selects datacentres that meet safety and security standards, including ISO and SSAE16.
These provide network security standards as well as standards for who has physical access to the datacentre. They determine the physical security and safety standards of the datacentre.
The datacentres used by iSheriff comply with the leadership in energy and environmental design (Leed) building certification to help protect the environment.
The platform is multi-tenanted, but iSheriff uses only purpose-built virtual machines (VMs) built in a hardened state by iSheriff engineers, said Cassidy.
“Only necessary packages and services are running on the systems. When needed packages and services running on these VMs are updated to ensure they are patched against all known vulnerabilities,” he said.
Cloud security grows with threat complexity
Security is further ensured by storing all data in an encrypted format, and all non-secure data is obfuscated as needed.
“Where applicable, the services running on our cloud systems allow connections only from trusted sources to augment existing security,” said Cassidy.
Businesses will increasingly be forced to adopt cloud-based security services to take care of the basics so they can concentrate on more complex threats, according to research firm Gartner.
“Businesses need to watch the development of security services from the cloud as we expect these to grow and evolve,” analyst Earl Perkins told the Gartner IAM Summit 2015 in London.
But Perkins said cloud is nevertheless still only in an “early maturity phase”, especially in Europe.
Gartner expects European organisations to familiarise themselves with cloud architecture by setting up private clouds first. But it said that, over time, they will evolve their thinking to overcome resistance to cloud.