|By Kevin Nikkhoo||
|March 28, 2014 11:00 AM EDT||
Of all the strategies and tactics available to prevent breaches, deter data leakage and theft, control access and secure beyond the so-called network perimeter, the one that is emerging as an achievable and affordable best practice is that of unified security from the cloud.
But if you look across the web, you will no doubt come across various versions of what constitutes “unified,” what is “protected,” and, what is “security from the cloud?” Luckily this means that the concept of unified security from the cloud is becoming more and more of a best practice. In general, the practice of unified security is the centralization of all security functions under one umbrella across the enterprise. This means more than ensuring data encryption. It means more than access policies. It means more than intrusion detection, malware blocking, data review. It’s more than ensuring compliance to the various regulatory bodies that provide general guidelines. It is the sum of all these things… and more.
So what is unified security? In short, it is an enterprise-powered tactical strategy that not only centralizes various security toolsets, but creates the seamless means to create cooperative functionality between them all. And as a cloud-based security initiative, this creates several tangible benefits that will allow any-sized company to upgrade their protection, but expand their protection beyond the network-centric traditional models of perimeter security.
To properly expand visibility, unified security is typically comprised of several solutions including system log archiving (the collection and storage of all online activity), identity management (administration of users, passwords and applications), access management (enforcement of identity rules and channeled access to data) and SIEM (the intelligence that correlates and contextualizes all activity).
True unified security is also more than the solutions it comprises; it includes the analysis, management, and the implementation of access and intelligence policies that transform it from passive to proactive and immediately responsive. And by developing and managing these security features, solutions and policies from the cloud is more than the obvious cost savings, it allows for the exponential expansion of real time visibility over a broader landscape and facilitates a more secure transaction compatibility with the way modern enterprises exchange, process and share information.
To that end, the following are 10 benefits of implementing unified security from the cloud.
10. Right size as the situation dictates – In today’s business landscape, change is often fast and evolutionary. Being able to keep up is a major challenge for IT and IT security. One of the hallmarks of a cloud-based implementation is the flexibility and agility to adjust its scope quickly and without the oppressive costs and time of a consultant or IT service. Considering the hoops of fire and Herculean strength needed to expand coverage to a new department or division, on-premise security initiatives may require the purchase of new expensive servers, resource-heavy reconfiguration and re-prioritization of core competency projects. With the cloud’s natural economies of scale, these costs are already absorbed and changes are more fluid and immediate. And with unified security, it’s more than just applying a sensor or agent on a server to collect new data. The changes to right size affect more than a single solution, —you must consider the constant fluctuation of change within an enterprise-the ebb and flow of staffing, the adjustment of new, updated and retired applications, and all the moving parts that come with incorporating vendors, suppliers and customers into the permission and protection mix. Unified security from the cloud creates the freedom and necessary speed to evolve with a company’s changing situation on an as-needed basis without an Act of Congress while still ensuring the adjustments across all the entire security landscape.
9. Make compliance easier: One of the substantial drains of time and energy go into the process of proving to various regulatory bodies that various slices of data are free from prying keyboards. Some companies go so far as dedicating personnel to simply comb through logs and find and report upon instances of breach and questionable activities. As I’ve insisted many times before, this practice is akin to looking for the horse in a gigantic haystack long after its left the barn (no matter how often sys-logs are reviewed, it is done in a rear-view mirror. These are events that have already occurred. And the damage is already done).
When evaluating what organizations like PCI and HIPAA require, the scope is more than just continuous monitoring (see blog regarding continuous monitoring satisfies compliance, but not security). They require proof of compliance for everything from firewall configuration to vulnerability scans, from data storage protocols to the development of identity authentication, password management and access privileges. I've identified about 20 common critical controls that are typically required by all compliance agencies. Unified security consolidates all the capabilities so that the reporting is considerably more streamline and accessible. Instead of four or five solutions each requiring four or five reports, logins and the physical coordination, collection and review for reporting, compliance is achieved by an automated model (see the white paper Mapping Compliance Requirements). It is the multiple collaborative and concurrent layers of security that support the automations, create better accuracy and significantly reduce the time previously dedicated to compliance reporting.
8. Easier, faster to deploy and find ROI. Forrester noted that 73% of major software implementations don’t get past phase 1. Whether a result of scope creep, budget issues or flagging executive buy-in, the promise of ROI for on premise security initiatives are difficult; not to mention the drag on IT productivity and lack of measurable results. And it’s those results we depend on to drive ROI and solve the business need (see the article: Is your security initiative “one inch into a mile”? ) It’s no secret that way too many companies view security solutions as a “nice to have” luxury or a grudgingly purchased cost center. But this is a different business environment than even that of 5 years ago; beyond the drivers of compliance and industry required governance IT security must be built into the fabric of every online facet of the business. Ignore reality at your own peril.
Assuming that security investments are not simply a luxury, the question remains how do you find ROI in a prevention initiative? On-premise point solutions are expensive. There’s no getting around that fact. Installing them is expensive. Configuring them is expensive. Maintaining them is expensive. In fact, Gartner estimates the annual cost to own and manage traditional on-premise security software applications can be 4X the initial purchase. Each and every move is a significant bite out of the any potential ROI gain in productivity. It might be more than 3 years before the investment starts paying off in any tangible way. Now the cloud, especially the unified security configuration, removes all of the waiting time. As a multi-tenant deployment, there is no hardware to buy, no software to install. Your complex, planned multi-phased, multi-year rollout can be fused a single week (sometimes “installation-to-insight” in minutes). Therefore the cloud version is providing the immediate benefits and immediate returns. Moreover, unified cloud security removes the complexity in configuration, installation and deployment because it is already built and easily customized to fit any sized organization.
We’ll deal with cost later on, but in terms of ROI, because there are no capital expenditures and the ability to keep investment minimized and output maximized means you can realign resources based on immediate business needs. The ROI is the elimination of negative impact—no compliance fines, no trust-busting breaches while waiting for the system to be fully functional, reduced risks and liabilities may decrease various insurance costs, no employees slipping away unnoticed with a database of your customers, no having to put out malware fires, no excessive time management conflicts from multi-sourced coordination, no de-centralized shadow IT, etc..
7. Better safeguard against BYOD: It may be the buzzword of the moment, but it is a trend that will continue to proliferate. Employees are increasingly using their own potentially-unsanctioned devices (smart phones, tablets and other mobile devices) to access your network, applications and data. (Read the blog “The Genie, the bottle and BYOD). Users love the mobility and the immediacy of these devices, but forget these devices are just hand-held computers prone to the same intrusions, attacks, viruses and risks as the computers used in the office. The larger problem is many users don’t see that, so every time they sign on to your network or download an app, it creates a wider and wider vulnerability gap for the enterprise network. However, by implementing unified security (that includes access control and identity management), you can minimize what an employee (or supplier, partner or any other group) can see and what tools they can access. Additionally unified security policies can create an alert every time one of these unsanctioned devices tries to access the enterprise. Based on your protocols and administrative policies, the system can grant access or block for these mobile devices. It is one way in which identity management, access management; log management and SIEM work seamlessly together and prevent unwarranted access or careless usage issues.
6. Security-as-a-service offers continuous tribal knowledge (expertise) without adding headcount. One of the constant impediments to shrinking the vulnerability gap is recruiting and retaining the specific type of talent necessary to maintain an enterprise-level security initiative. But The MSPAlliance reports that the unemployment rate for such professionals is less than 1%--and the salary for these specialists has doubled in the past three years. Security-as-a-service is the “secret” value-add that accompanies a cloud-based deployment. Having an expert that understands more than what a denial of service/brute force attack looks like can be invaluable; one that knows how to read in between the lines; that understands context and can trigger an alert or dismiss a possible threat as harmless—and to do it without any additional personnel costs to a company is a huge benefit.
We will be continuing this list next week with our entries of 5 through our number one benefit. However, in case you can’t wait, here’s a preview...
5. Control applications and who gets to use them
4. Know what’s happening faster, more completely
3. Real time actionable information
2. One single, centralized management component
1. More protection, less cost
Data-as-a-Service is the complete package for the transformation of raw data into meaningful data assets and the delivery of those data assets. In her session at 18th Cloud Expo, Lakshmi Randall, an industry expert, analyst and strategist, will address: What is DaaS (Data-as-a-Service)? Challenges addressed by DaaS Vendors that are enabling DaaS Architecture options for DaaS
Feb. 13, 2016 08:45 PM EST Reads: 397
SYS-CON Events announced today that Catchpoint Systems, Inc., a provider of innovative web and infrastructure monitoring solutions, has been named “Silver Sponsor” of SYS-CON's DevOps Summit at 18th Cloud Expo New York, which will take place June 7-9, 2016, at the Javits Center in New York City, NY. Catchpoint is a leading Digital Performance Analytics company that provides unparalleled insight into customer-critical services to help consistently deliver an amazing customer experience. Designed...
Feb. 13, 2016 07:00 PM EST Reads: 417
With the proliferation of both SQL and NoSQL databases, organizations can now target specific fit-for-purpose database tools for their different application needs regarding scalability, ease of use, ACID support, etc. Platform as a Service offerings make this even easier now, enabling developers to roll out their own database infrastructure in minutes with minimal management overhead. However, this same amount of flexibility also comes with the challenges of picking the right tool, on the right ...
Feb. 13, 2016 04:45 PM EST Reads: 206
SYS-CON Events announced today that FalconStor Software® Inc., a 15-year innovator of software-defined storage solutions, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. FalconStor Software®, Inc. (NASDAQ: FALC) is a leading software-defined storage company offering a converged, hardware-agnostic, software-defined storage and data services platform. Its flagship solution FreeStor®, utilizes a horizonta...
Feb. 13, 2016 02:30 PM EST
With an estimated 50 billion devices connected to the Internet by 2020, several industries will begin to expand their capabilities for retaining end point data at the edge to better utilize the range of data types and sheer volume of M2M data generated by the Internet of Things. In his session at @ThingsExpo, Don DeLoach, CEO and President of Infobright, will discuss the infrastructures businesses will need to implement to handle this explosion of data by providing specific use cases for filte...
Feb. 13, 2016 02:00 PM EST Reads: 258
SYS-CON Events announced today that Pythian, a global IT services company specializing in helping companies adopt disruptive technologies to optimize revenue-generating systems, has been named “Bronze Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2015 at the Javits Center in New York, New York. Founded in 1997, Pythian is a global IT services company that helps companies compete by adopting disruptive technologies such as cloud, Big Data, advanced analytics, and DevO...
Feb. 13, 2016 01:30 PM EST Reads: 286
SYS-CON Events announced today that Avere Systems, a leading provider of enterprise storage for the hybrid cloud, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. Avere delivers a more modern architectural approach to storage that doesn’t require the overprovisioning of storage capacity to achieve performance, overspending on expensive storage media for inactive data or the overbuilding of data centers ...
Feb. 13, 2016 01:30 PM EST Reads: 146
SYS-CON Events announced today that Commvault, a global leader in enterprise data protection and information management, has been named “Bronze Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY, and the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Commvault is a leading provider of data protection and information management...
Feb. 13, 2016 12:45 PM EST Reads: 473
The Quantified Economy represents the total global addressable market (TAM) for IoT that, according to a recent IDC report, will grow to an unprecedented $1.3 trillion by 2019. With this the third wave of the Internet-global proliferation of connected devices, appliances and sensors is poised to take off in 2016. In his session at @ThingsExpo, David McLauchlan, CEO and co-founder of Buddy Platform, will discuss how the ability to access and analyze the massive volume of streaming data from mil...
Feb. 13, 2016 12:00 PM EST
SYS-CON Events announced today that Alert Logic, Inc., the leading provider of Security-as-a-Service solutions for the cloud, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. Alert Logic, Inc., provides Security-as-a-Service for on-premises, cloud, and hybrid infrastructures, delivering deep security insight and continuous protection for customers at a lower cost than traditional security solutions. Ful...
Feb. 13, 2016 12:00 PM EST Reads: 474
SYS-CON Events announced today that Interoute, owner-operator of one of Europe's largest networks and a global cloud services platform, has been named “Bronze Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2015 at the Javits Center in New York, New York. Interoute is the owner-operator of one of Europe's largest networks and a global cloud services platform which encompasses 12 data centers, 14 virtual data centers and 31 colocation centers, with connections to 195 ad...
Feb. 13, 2016 12:00 PM EST Reads: 451
In most cases, it is convenient to have some human interaction with a web (micro-)service, no matter how small it is. A traditional approach would be to create an HTTP interface, where user requests will be dispatched and HTML/CSS pages must be served. This approach is indeed very traditional for a web site, but not really convenient for a web service, which is not intended to be good looking, 24x7 up and running and UX-optimized. Instead, talking to a web service in a chat-bot mode would be muc...
Feb. 13, 2016 11:45 AM EST Reads: 314
SYS-CON Events announced today that Men & Mice, the leading global provider of DNS, DHCP and IP address management overlay solutions, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. The Men & Mice Suite overlay solution is already known for its powerful application in heterogeneous operating environments, enabling enterprises to scale without fuss. Building on a solid range of diverse platform support,...
Feb. 13, 2016 11:45 AM EST Reads: 278
When building large, cloud-based applications that operate at a high scale, it’s important to maintain a high availability and resilience to failures. In order to do that, you must be tolerant of failures, even in light of failures in other areas of your application. “Fly two mistakes high” is an old adage in the radio control airplane hobby. It means, fly high enough so that if you make a mistake, you can continue flying with room to still make mistakes. In his session at 18th Cloud Expo, Lee...
Feb. 13, 2016 11:45 AM EST
More and more companies are looking to microservices as an architectural pattern for breaking apart applications into more manageable pieces so that agile teams can deliver new features quicker and more effectively. What this pattern has done more than anything to date is spark organizational transformations, setting the foundation for future application development. In practice, however, there are a number of considerations to make that go beyond simply “build, ship, and run,” which changes ho...
Feb. 13, 2016 11:30 AM EST Reads: 281
WebSocket is effectively a persistent and fat pipe that is compatible with a standard web infrastructure; a "TCP for the Web." If you think of WebSocket in this light, there are other more hugely interesting applications of WebSocket than just simply sending data to a browser. In his session at 18th Cloud Expo, Frank Greco, Director of Technology for Kaazing Corporation, will compare other modern web connectivity methods such as HTTP/2, HTTP Streaming, Server-Sent Events and new W3C event APIs ...
Feb. 13, 2016 11:30 AM EST
SYS-CON Events announced today that AppNeta, the leader in performance insight for business-critical web applications, will exhibit and present at SYS-CON's @DevOpsSummit at Cloud Expo New York, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. AppNeta is the only application performance monitoring (APM) company to provide solutions for all applications – applications you develop internally, business-critical SaaS applications you use and the networks that deli...
Feb. 13, 2016 11:30 AM EST Reads: 447
Fortunately, meaningful and tangible business cases for IoT are plentiful in a broad array of industries and vertical markets. These range from simple warranty cost reduction for capital intensive assets, to minimizing downtime for vital business tools, to creating feedback loops improving product design, to improving and enhancing enterprise customer experiences. All of these business cases, which will be briefly explored in this session, hinge on cost effectively extracting relevant data from ...
Feb. 13, 2016 11:30 AM EST Reads: 158
There will be new vendors providing applications, middleware, and connected devices to support the thriving IoT ecosystem. This essentially means that electronic device manufacturers will also be in the software business. Many will be new to building embedded software or robust software. This creates an increased importance on software quality, particularly within the Industrial Internet of Things where business-critical applications are becoming dependent on products controlled by software. Qua...
Feb. 13, 2016 11:00 AM EST
SYS-CON Events announced today that iDevices®, the preeminent brand in the connected home industry, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. iDevices, the preeminent brand in the connected home industry, has a growing line of HomeKit-enabled products available at the largest retailers worldwide. Through the “Designed with iDevices” co-development program and its custom-built IoT Cloud Infrastruc...
Feb. 13, 2016 11:00 AM EST Reads: 154