Inside Track: Outsourced security, outside views

14 March 2016

While software, compute, platform, infrastructure and more-as-a-service continue to grow in popularity, security has lagged behind, and it is not hard to see why. The as-a-service model is tried and trusted and enormously convenient for the companies that employ it, but making use of it means putting technology that companies depend upon in the hands of a third party.

When it comes to security, that has historically been a step too far. But that is increasingly no longer the case and a growing number of Irish companies are adopting security-as-a-service, hoping to save money while also benefitting from access to the kind of expertise that’s expensive to employ full time.

“A basic issue with security delivered as-a-service through the cloud is that making use of it involves a loss of control. As an end user, you have to trust your provider to run critical services that your business will depend upon,” said Ruggero Contu, research director with Gartner.

High security
“However, particularly with well-established cloud security providers like Amazon or Microsoft, the level of security is very high. It’s undoubtedly superior to most organisations but nevertheless it is an outsourcing of risk. Despite this, when we compare deployment rates for security delivered in the cloud, compared to the overall security market, we can say that faster growth is occurring for security controls delivered in the cloud.”

As a delivery model, the cloud is offering opportunities for organisations to deploy security that aligns to evolving environments, especially in the area of mobile computing or the cloud itself. According to Contu, that partly explains its evolving popularity — it just makes sense to have security that aligns to that environment.

“Not all security controls are entirely suitable to be delivered in the cloud – there are some areas like secure e-mail gateway, secure web gateway etc. that aren’t. But for some, such as security information event management and the logging of security events and correlating the intelligence that is produced, we’ve seen an acceleration in their popularity, particularly with the incredible popularity of public cloud services such as Amazon Web Services,” he said.

“Overall, for that particular technology area, there are still some concerns around certain types of information being handled in the cloud. It’s also a matter of maturity and of sector. The financial sector is by its very nature more cautious and is less attracted to the intangible benefits that a cloud-based security model can bring.”

Medium move
According to Contu, it is not just the largest enterprise companies that are using security-as-a-service offerings; medium-sized companies are doing it too.

“As an example, take identity access management in the cloud, or ID-as-a-service – we’ve seen initial interest coming primarily from mid-sized organisations that got exposed to it via software-as-a-service. Alongside their employees taking advantage of software as a service, they’re learning how to do other things, like how to apply access controls and provisioning for those users. That initial interest in that service delivered through the cloud has primarily been driven by mid-sized companies looking into the opportunities the SaaS model can offer them,” he said.

“We’re also starting to see larger organisations looking at the opportunities that ID in the cloud can bring but I would say that the nature of delivering security-as-a-service or security controls in the cloud, makes it more suitable for mid-sized organisations. But the trend is an overall one, and large enterprises are doing it as well, albeit maybe with a more tactical approach.”

Growing spend
That security-as-a-service is developing as an industry trend is beyond dispute. Forrester says that the current annual global spend on cloud security is around $282 million (€258 million), but it predicts this will rise to around $2 billion (€1.83 billion) by 2020, growing at an annual rate of 42%. Clearly now is a good time to be investing in offering or managing such services.

In its ‘Sizing the Cloud Security Market’ report, published in 2015, Forrester also said that while adoption of cloud-delivered security-as-a-service is accelerating, security concerns remain. According to its research, 34% of North American and European business decision makers at enterprise level use software-as-a-service applications, with another 24% planning on doing so in the next 12 months.

Despite this though, there are still concerns amongst many about moving certain kinds of data into the cloud – most notably client information, employee data and intellectual property.

Dedicated capabilities
“My team is probably one of the largest dedicated cybersecurity capabilities in the market that there is. We have over 30 people who are pure cyber specialists and don’t double-job in anything else,” said Hugh Callaghan, an executive director in the advanced security centre in EY Dublin.

“The types of things that we deliver for clients routinely include penetration testing and ethical hacking. This is really about providing an independent viewpoint of the security of either a corporate network or a specific application or a web site. We actually take a hacker’s perspective on identifying the vulnerabilities that organised crime or other threat actors might use to disrupt the business.”

“That is an activity that has definitely been outsourced in significant measure over the last couple of years and will continue to be for exactly this reason — it’s very expensive to maintain that kind of in-house capability for any individual company even if it is a huge bank.”

Many of the security services that are being outsourced tend to be similarly expensive for even large companies to do themselves. But there are also other benefits to recruiting the perspectives of outsiders.

Critical business apps
“Many outsourced security services take on the perspective of customer-facing components of the business from an external or internet-facing point of view. But also more and more companies are actually now looking at their critical business applications, the tools by which their own internal staff carry out business every single day, and examining them the same way,” said Callaghan.

 
