Welcome!

@CloudExpo Authors: Automic Blog, William Schmarzo, Elizabeth White, Dalibor Siroky, Mehdi Daoudi

Related Topics: @CloudExpo, Microservices Expo, Cloud Security

@CloudExpo: Blog Post

Are the Costs of Cloud Security Too Good to Be True?

Comparing cloud apples to cloud apples

What is it they say…you get what you pay for, right? In most cases, that is a spot on assessment but in terms of the cloud-based security, the numbers tend to add up towards the benefit of the user. But let’s get the whole idea of numbers down straight. It’s all relative. What is pricy for one organization is downright affordable to another, so in terms of costs let’s look squarely at the moving target of return on investment. What makes cloud security compelling is how the costs break down in terms of hard and soft cost savings.

First let’s compare apples to apples. I am not talking about just applying a single sign on solution or identity management, or even SIEM, but rather analyzing cloud security holistically. Each of these components are a growing necessity for any company who deals with proprietary data, responsibly protects customer information and transactions,  and each needs to work in concert to maintain the highest degree of security integrity. But this sound expensive. And in many cases it is; especially for all those companies that are not multi-trillion dollar international corporations who have dedicated staffs who build everything in house. But if you are that successful medical supply company, or a semi-conductor manufacturer or simply a national retailer of note (and/or you’re a $20 million dollar homeowner information software company), the cloud provides attractive, affordable benefits that give you the same degree of security as the biggest dogs.

There are some cost savings that are immediately apparent. With the cloud there is no hardware or software to install. If your cloud vendor insists on buying either one, then they are not a true cloud provider. The main benefit of the cloud is a “no muss, no fuss” policy of maintenance. Control…that belongs to you. If you wish to be a hands-on administrator, cloud is a conduit to complete security functionality. If you wish to delegate portions because of bandwidth, personnel or budget constraints, security-as-a-service might be an obliging alternative. However, these cost savings are usually the same with any cloud computing solution.

So as we dig deeper, one must consider direct costs, soft costs, scope of services, and migration issues. I realize that cloud security is not just some application (even one as important as CRM or payroll), it can be an intimate part of the enterprise infrastructure. Therefore the ROI must look at a variety of less than obvious considerations. Take SIEM for example. Your organization may incorporate some version of anomaly protection. For most companies, it is a part time venture—monitored only when someone’s in the office. So there might be issues that get nested in the weeds for 12-16 hours a day. It is conceivable, things get missed—and some are more harmful than others. It’s like going out in the snow in just a windbreaker. You’re generally covered, but there is still the likelihood, you’ll come home with the flu. With the cloud, and more specifically security-as-a service, you pay for best-of-breed enterprise tools, a higher degree of functionality and 7/24/365 monitoring. And you pay usually a fraction of the cost.

Then there is the issue of compliance. How much time and effort is spent ensuring the audits for PCI, SOX or HIPAA are in order? And not just the time, but sewing together every data silo, endpoint and transaction within the enterprise to ensure proper adherence to the requirements. Just the compliance aspect can run in the thousands of man hours and hundreds of thousands of dollars. Again, a true cloud security deployment can cut that by 75%. Most of the necessary documentation, events and transactions are scrutinized, correlated, secured and logged (and when dictated by law, destroyed) to keep your company not only compliant (and your customer’s personal data and your proprietary intelligence safe), but properly audited without adding more personnel, man hours or losing effectiveness through job fragmentation .

Then there are soft costs. Consider the benefits of precision budgeting and the reduction of operating costs, the HR savings (no benefits, no vacations, no training or ramp up time, churn) and the ability to prioritize based on your core competencies. I can spend a whole blog on these items alone (and down the line I will), but note the promise of cloud-based security is improved risk management at affordable, scalable costs.

Now let’s assume, you agree with the cost savings and the expanded capabilities cloud-based security affords an organization like yours, many still see the migration to the cloud as a painful, costly and time consuming stumbling block. Now if you are a monolith the size of HP and are looking to move every asset to a cloud, then it is possible the migration can be difficult. However, by leveraging existing and legacy programs, using a mixture of public, private and hybrid cloud configurations and laying out a coherent strategy, the issue of migration becomes moot. However, I don’t advocate throwing the baby out with the bathwater. Many companies have a significant and long term investment made in several on-premise and legacy infrastructure applications that still have not reached an inverted level of depreciation. Cloud-based security does not ask that you abandon everything to the cloud. It simply is another tool that leverages your existing investments and creates a new level of capability that allows you to manage the security of the enterprise more efficiently, cost-effectively and directed with greater strength and reach.

Many IT departments are often asked to more with less. At least in the realm of security, the cloud offers a means to do just that. However, just like any investment, you need to make sure that it matches your overall strategy and that you find a partner with integrity, expertise and a proven track record of protecting assets in and from a virtualized environment.

More Stories By Kevin Nikkhoo

With more than 32 years of experience in information technology, and an extensive and successful entrepreneurial background, Kevin Nikkhoo is the CEO of the dynamic security-as-a-service startup Cloud Access. CloudAccess is at the forefront of the latest evolution of IT asset protection--the cloud.

Kevin holds a Bachelor of Science in Computer Engineering from McGill University, Master of Computer Engineering at California State University, Los Angeles, and an MBA from the University of Southern California with emphasis in entrepreneurial studies.

@CloudExpo Stories
"ZeroStack is a startup in Silicon Valley. We're solving a very interesting problem around bringing public cloud convenience with private cloud control for enterprises and mid-size companies," explained Kamesh Pemmaraju, VP of Product Management at ZeroStack, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
In his session at 21st Cloud Expo, Carl J. Levine, Senior Technical Evangelist for NS1, will objectively discuss how DNS is used to solve Digital Transformation challenges in large SaaS applications, CDNs, AdTech platforms, and other demanding use cases. Carl J. Levine is the Senior Technical Evangelist for NS1. A veteran of the Internet Infrastructure space, he has over a decade of experience with startups, networking protocols and Internet infrastructure, combined with the unique ability to it...
"Codigm is based on the cloud and we are here to explore marketing opportunities in America. Our mission is to make an ecosystem of the SW environment that anyone can understand, learn, teach, and develop the SW on the cloud," explained Sung Tae Ryu, CEO of Codigm, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
High-velocity engineering teams are applying not only continuous delivery processes, but also lessons in experimentation from established leaders like Amazon, Netflix, and Facebook. These companies have made experimentation a foundation for their release processes, allowing them to try out major feature releases and redesigns within smaller groups before making them broadly available. In his session at 21st Cloud Expo, Brian Lucas, Senior Staff Engineer at Optimizely, discussed how by using ne...
"There's plenty of bandwidth out there but it's never in the right place. So what Cedexis does is uses data to work out the best pathways to get data from the origin to the person who wants to get it," explained Simon Jones, Evangelist and Head of Marketing at Cedexis, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Large industrial manufacturing organizations are adopting the agile principles of cloud software companies. The industrial manufacturing development process has not scaled over time. Now that design CAD teams are geographically distributed, centralizing their work is key. With large multi-gigabyte projects, outdated tools have stifled industrial team agility, time-to-market milestones, and impacted P&L stakeholders.
"Cloud Academy is an enterprise training platform for the cloud, specifically public clouds. We offer guided learning experiences on AWS, Azure, Google Cloud and all the surrounding methodologies and technologies that you need to know and your teams need to know in order to leverage the full benefits of the cloud," explained Alex Brower, VP of Marketing at Cloud Academy, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clar...
Gemini is Yahoo’s native and search advertising platform. To ensure the quality of a complex distributed system that spans multiple products and components and across various desktop websites and mobile app and web experiences – both Yahoo owned and operated and third-party syndication (supply), with complex interaction with more than a billion users and numerous advertisers globally (demand) – it becomes imperative to automate a set of end-to-end tests 24x7 to detect bugs and regression. In th...
Enterprises are moving to the cloud faster than most of us in security expected. CIOs are going from 0 to 100 in cloud adoption and leaving security teams in the dust. Once cloud is part of an enterprise stack, it’s unclear who has responsibility for the protection of applications, services, and data. When cloud breaches occur, whether active compromise or a publicly accessible database, the blame must fall on both service providers and users. In his session at 21st Cloud Expo, Ben Johnson, C...
"Infoblox does DNS, DHCP and IP address management for not only enterprise networks but cloud networks as well. Customers are looking for a single platform that can extend not only in their private enterprise environment but private cloud, public cloud, tracking all the IP space and everything that is going on in that environment," explained Steve Salo, Principal Systems Engineer at Infoblox, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Conventio...
Data scientists must access high-performance computing resources across a wide-area network. To achieve cloud-based HPC visualization, researchers must transfer datasets and visualization results efficiently. HPC clusters now compute GPU-accelerated visualization in the cloud cluster. To efficiently display results remotely, a high-performance, low-latency protocol transfers the display from the cluster to a remote desktop. Further, tools to easily mount remote datasets and efficiently transfer...
"MobiDev is a software development company and we do complex, custom software development for everybody from entrepreneurs to large enterprises," explained Alan Winters, U.S. Head of Business Development at MobiDev, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
"We're developing a software that is based on the cloud environment and we are providing those services to corporations and the general public," explained Seungmin Kim, CEO/CTO of SM Systems Inc., in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Agile has finally jumped the technology shark, expanding outside the software world. Enterprises are now increasingly adopting Agile practices across their organizations in order to successfully navigate the disruptive waters that threaten to drown them. In our quest for establishing change as a core competency in our organizations, this business-centric notion of Agile is an essential component of Agile Digital Transformation. In the years since the publication of the Agile Manifesto, the conn...
SYS-CON Events announced today that CrowdReviews.com has been named “Media Sponsor” of SYS-CON's 22nd International Cloud Expo, which will take place on June 5–7, 2018, at the Javits Center in New York City, NY. CrowdReviews.com is a transparent online platform for determining which products and services are the best based on the opinion of the crowd. The crowd consists of Internet users that have experienced products and services first-hand and have an interest in letting other potential buye...
The question before companies today is not whether to become intelligent, it’s a question of how and how fast. The key is to adopt and deploy an intelligent application strategy while simultaneously preparing to scale that intelligence. In her session at 21st Cloud Expo, Sangeeta Chakraborty, Chief Customer Officer at Ayasdi, provided a tactical framework to become a truly intelligent enterprise, including how to identify the right applications for AI, how to build a Center of Excellence to oper...
"IBM is really all in on blockchain. We take a look at sort of the history of blockchain ledger technologies. It started out with bitcoin, Ethereum, and IBM evaluated these particular blockchain technologies and found they were anonymous and permissionless and that many companies were looking for permissioned blockchain," stated René Bostic, Technical VP of the IBM Cloud Unit in North America, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Conventi...
SYS-CON Events announced today that Telecom Reseller has been named “Media Sponsor” of SYS-CON's 22nd International Cloud Expo, which will take place on June 5-7, 2018, at the Javits Center in New York, NY. Telecom Reseller reports on Unified Communications, UCaaS, BPaaS for enterprise and SMBs. They report extensively on both customer premises based solutions such as IP-PBX as well as cloud based and hosted platforms.
In his session at 21st Cloud Expo, James Henry, Co-CEO/CTO of Calgary Scientific Inc., introduced you to the challenges, solutions and benefits of training AI systems to solve visual problems with an emphasis on improving AIs with continuous training in the field. He explored applications in several industries and discussed technologies that allow the deployment of advanced visualization solutions to the cloud.
While some developers care passionately about how data centers and clouds are architected, for most, it is only the end result that matters. To the majority of companies, technology exists to solve a business problem, and only delivers value when it is solving that problem. 2017 brings the mainstream adoption of containers for production workloads. In his session at 21st Cloud Expo, Ben McCormack, VP of Operations at Evernote, discussed how data centers of the future will be managed, how the p...