Welcome!

@CloudExpo Authors: Elizabeth White, Pat Romanski, Liz McMillan, Jason Bloomberg, Kevin Benedict

Related Topics: @CloudExpo, Microservices Expo, Cloud Security

@CloudExpo: Blog Post

Are the Costs of Cloud Security Too Good to Be True?

Comparing cloud apples to cloud apples

What is it they say…you get what you pay for, right? In most cases, that is a spot on assessment but in terms of the cloud-based security, the numbers tend to add up towards the benefit of the user. But let’s get the whole idea of numbers down straight. It’s all relative. What is pricy for one organization is downright affordable to another, so in terms of costs let’s look squarely at the moving target of return on investment. What makes cloud security compelling is how the costs break down in terms of hard and soft cost savings.

First let’s compare apples to apples. I am not talking about just applying a single sign on solution or identity management, or even SIEM, but rather analyzing cloud security holistically. Each of these components are a growing necessity for any company who deals with proprietary data, responsibly protects customer information and transactions,  and each needs to work in concert to maintain the highest degree of security integrity. But this sound expensive. And in many cases it is; especially for all those companies that are not multi-trillion dollar international corporations who have dedicated staffs who build everything in house. But if you are that successful medical supply company, or a semi-conductor manufacturer or simply a national retailer of note (and/or you’re a $20 million dollar homeowner information software company), the cloud provides attractive, affordable benefits that give you the same degree of security as the biggest dogs.

There are some cost savings that are immediately apparent. With the cloud there is no hardware or software to install. If your cloud vendor insists on buying either one, then they are not a true cloud provider. The main benefit of the cloud is a “no muss, no fuss” policy of maintenance. Control…that belongs to you. If you wish to be a hands-on administrator, cloud is a conduit to complete security functionality. If you wish to delegate portions because of bandwidth, personnel or budget constraints, security-as-a-service might be an obliging alternative. However, these cost savings are usually the same with any cloud computing solution.

So as we dig deeper, one must consider direct costs, soft costs, scope of services, and migration issues. I realize that cloud security is not just some application (even one as important as CRM or payroll), it can be an intimate part of the enterprise infrastructure. Therefore the ROI must look at a variety of less than obvious considerations. Take SIEM for example. Your organization may incorporate some version of anomaly protection. For most companies, it is a part time venture—monitored only when someone’s in the office. So there might be issues that get nested in the weeds for 12-16 hours a day. It is conceivable, things get missed—and some are more harmful than others. It’s like going out in the snow in just a windbreaker. You’re generally covered, but there is still the likelihood, you’ll come home with the flu. With the cloud, and more specifically security-as-a service, you pay for best-of-breed enterprise tools, a higher degree of functionality and 7/24/365 monitoring. And you pay usually a fraction of the cost.

Then there is the issue of compliance. How much time and effort is spent ensuring the audits for PCI, SOX or HIPAA are in order? And not just the time, but sewing together every data silo, endpoint and transaction within the enterprise to ensure proper adherence to the requirements. Just the compliance aspect can run in the thousands of man hours and hundreds of thousands of dollars. Again, a true cloud security deployment can cut that by 75%. Most of the necessary documentation, events and transactions are scrutinized, correlated, secured and logged (and when dictated by law, destroyed) to keep your company not only compliant (and your customer’s personal data and your proprietary intelligence safe), but properly audited without adding more personnel, man hours or losing effectiveness through job fragmentation .

Then there are soft costs. Consider the benefits of precision budgeting and the reduction of operating costs, the HR savings (no benefits, no vacations, no training or ramp up time, churn) and the ability to prioritize based on your core competencies. I can spend a whole blog on these items alone (and down the line I will), but note the promise of cloud-based security is improved risk management at affordable, scalable costs.

Now let’s assume, you agree with the cost savings and the expanded capabilities cloud-based security affords an organization like yours, many still see the migration to the cloud as a painful, costly and time consuming stumbling block. Now if you are a monolith the size of HP and are looking to move every asset to a cloud, then it is possible the migration can be difficult. However, by leveraging existing and legacy programs, using a mixture of public, private and hybrid cloud configurations and laying out a coherent strategy, the issue of migration becomes moot. However, I don’t advocate throwing the baby out with the bathwater. Many companies have a significant and long term investment made in several on-premise and legacy infrastructure applications that still have not reached an inverted level of depreciation. Cloud-based security does not ask that you abandon everything to the cloud. It simply is another tool that leverages your existing investments and creates a new level of capability that allows you to manage the security of the enterprise more efficiently, cost-effectively and directed with greater strength and reach.

Many IT departments are often asked to more with less. At least in the realm of security, the cloud offers a means to do just that. However, just like any investment, you need to make sure that it matches your overall strategy and that you find a partner with integrity, expertise and a proven track record of protecting assets in and from a virtualized environment.

More Stories By Kevin Nikkhoo

With more than 32 years of experience in information technology, and an extensive and successful entrepreneurial background, Kevin Nikkhoo is the CEO of the dynamic security-as-a-service startup Cloud Access. CloudAccess is at the forefront of the latest evolution of IT asset protection--the cloud.

Kevin holds a Bachelor of Science in Computer Engineering from McGill University, Master of Computer Engineering at California State University, Los Angeles, and an MBA from the University of Southern California with emphasis in entrepreneurial studies.

@CloudExpo Stories
SYS-CON Events announced today that Secure Channels, a cybersecurity firm, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Secure Channels, Inc. offers several products and solutions to its many clients, helping them protect critical data from being compromised and access to computer networks from the unauthorized. The company develops comprehensive data encryption security strategie...
Vulnerability management is vital for large companies that need to secure containers across thousands of hosts, but many struggle to understand how exposed they are when they discover a new high security vulnerability. In his session at 21st Cloud Expo, John Morello, CTO of Twistlock, will address this pressing concern by introducing the concept of the “Vulnerability Risk Tree API,” which brings all the data together in a simple REST endpoint, allowing companies to easily grasp the severity of t...
Recently, WebRTC has a lot of eyes from market. The use cases of WebRTC are expanding - video chat, online education, online health care etc. Not only for human-to-human communication, but also IoT use cases such as machine to human use cases can be seen recently. One of the typical use-case is remote camera monitoring. With WebRTC, people can have interoperability and flexibility for deploying monitoring service. However, the benefit of WebRTC for IoT is not only its convenience and interopera...
SYS-CON Events announced today that SkyScale will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. SkyScale is a world-class provider of cloud-based, ultra-fast multi-GPU hardware platforms for lease to customers desiring the fastest performance available as a service anywhere in the world. SkyScale builds, configures, and manages dedicated systems strategically located in maximum-security...
SYS-CON Events announced today that Datera will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Datera offers a radically new approach to data management, where innovative software makes data infrastructure invisible, elastic and able to perform at the highest level. It eliminates hardware lock-in and gives IT organizations the choice to source x86 server nodes, with business model option...
DevOps at Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to w...
21st International Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Me...
SYS-CON Events announced today that DXWorldExpo has been named “Global Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Digital Transformation is the key issue driving the global enterprise IT business. Digital Transformation is most prominent among Global 2000 enterprises and government institutions.
SYS-CON Events announced today that Massive Networks will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Massive Networks mission is simple. To help your business operate seamlessly with fast, reliable, and secure internet and network solutions. Improve your customer's experience with outstanding connections to your cloud.
When shopping for a new data processing platform for IoT solutions, many development teams want to be able to test-drive options before making a choice. Yet when evaluating an IoT solution, it’s simply not feasible to do so at scale with physical devices. Building a sensor simulator is the next best choice; however, generating a realistic simulation at very high TPS with ease of configurability is a formidable challenge. When dealing with multiple application or transport protocols, you would be...
SYS-CON Events announced today that Akvelon will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Akvelon is a business and technology consulting firm that specializes in applying cutting-edge technology to problems in fields as diverse as mobile technology, sports technology, finance, and healthcare.
Connecting to major cloud service providers is becoming central to doing business. But your cloud provider’s performance is only as good as your connectivity solution. Massive Networks will place you in the driver's seat by exposing how you can extend your LAN from any location to include any cloud platform through an advanced high-performance connection that is secure and dedicated to your business-critical data. In his session at 21st Cloud Expo, Paul Mako, CEO & CIO of Massive Networks, wil...
In his session at 20th Cloud Expo, Scott Davis, CTO of Embotics, discussed how automation can provide the dynamic management required to cost-effectively deliver microservices and container solutions at scale. He also discussed how flexible automation is the key to effectively bridging and seamlessly coordinating both IT and developer needs for component orchestration across disparate clouds – an increasingly important requirement at today’s multi-cloud enterprise.
As more and more companies are making the shift from on-premises to public cloud, the standard approach to DevOps is evolving. From encryption, compliance and regulations like GDPR, security in the cloud has become a hot topic. Many DevOps-focused companies have hired dedicated staff to fulfill these requirements, often creating further siloes, complexity and cost. This session aims to highlight existing DevOps cultural approaches, tooling and how security can be wrapped in every facet of the bu...
For financial firms, the cloud is going to increasingly become a crucial part of dealing with customers over the next five years and beyond, particularly with the growing use and acceptance of virtual currencies. There are new data storage paradigms on the horizon that will deliver secure solutions for storing and moving sensitive financial data around the world without touching terrestrial networks. In his session at 20th Cloud Expo, Cliff Beek, President of Cloud Constellation Corporation, d...
IT organizations are moving to the cloud in hopes to approve efficiency, increase agility and save money. Migrating workloads might seem like a simple task, but what many businesses don’t realize is that application migration criteria differs across organizations, making it difficult for architects to arrive at an accurate TCO number. In his session at 21st Cloud Expo, Joe Kinsella, CTO of CloudHealth Technologies, will offer a systematic approach to understanding the TCO of a cloud application...
"With Digital Experience Monitoring what used to be a simple visit to a web page has exploded into app on phones, data from social media feeds, competitive benchmarking - these are all components that are only available because of some type of digital asset," explained Leo Vasiliou, Director of Web Performance Engineering at Catchpoint Systems, in this SYS-CON.tv interview at DevOps Summit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
SYS-CON Events announced today that Secure Channels, a cybersecurity firm, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Secure Channels, Inc. offers several products and solutions to its many clients, helping them protect critical data from being compromised and access to computer networks from the unauthorized. The company develops comprehensive data encryption security strategie...
SYS-CON Events announced today that WineSOFT will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Based in Seoul and Irvine, WineSOFT is an innovative software house focusing on internet infrastructure solutions. The venture started as a bootstrap start-up in 2010 by focusing on making the internet faster and more powerful. WineSOFT’s knowledge is based on the expertise of TCP/IP, VPN, SS...
WebRTC is the future of browser-to-browser communications, and continues to make inroads into the traditional, difficult, plug-in web communications world. The 6th WebRTC Summit continues our tradition of delivering the latest and greatest presentations within the world of WebRTC. Topics include voice calling, video chat, P2P file sharing, and use cases that have already leveraged the power and convenience of WebRTC.