January 23rd, 2013

Causes of Security Paralysis and Cloud-Based Cures
Over and over again we are given statistics on how risk is growing in disproportion to security readiness.
• -91% of companies have experienced at least one IT security event from an external source.
• -90% of all cyber crime costs are those caused by web attacks, malicious code and malicious insiders.
• -40% reported rogue cloud issues (shadow IT) experienced the exposure of confidential information as a result
• -34% share passwords with their co-workers for applications like FedEx, Twitter, Staples, LinkedIn.
Due to complexity, over 70% of organisations are still not adequately securing critical systems
We have broken it down into the most common “excuses.” But rather than complaining about the problem, we want to rebut those excuses by promoting cloud-based answers.
1. It’s expensive
2. It’s time consuming
3. It’s resource heavy
4. There’s perceived imbalance in the risk/reward quotient
5. We’ve got it covered
6. We haven’t been attacked/complacency
7. Expertise difficult to retain
1) Cost: There is no doubt many companies think that a fully integrated security program is going to force it to open its wallet. It is predominantly this reason alone that so many companies ”get by” with what they have—be it malware or firewall protection, an email sniffer, or based on compliance requirements, whatever is the smallest investment to get the alphabet soup of agencies off their back.
How cloud security overcomes the obstacle. It’s simple, really. More bang for the buck. Using the ability to apply operation expenses over capital ones is a significant savings in itself. No expensive servers to buy, no software to maintain and watch depreciate.

2) Time: There’s just never enough of it. Every IT pro we talk to wears many hats. They are installers, monitors, coders, patchers, reporters, developers, and a hundred other chapeau descriptors.

And security in the modern enterprise needs to be a fully dedicated concern. Sure there are some companies that can afford this, but most can’t…it’s just another line of job description.
How cloud security overcomes the obstacle. Being proactive takes time. By applying security as a service, you remove any additional headcount. You can take the time that was dedicated to certain security functions and reprioritise them for core business functions.

3) Resources: In many companies this is the premium currency. And, in many companies resources are spread devastatingly thin.

Whether we are talking human resources, financial resources, spatial resources, application/functional resources or knowledge resources, the ability to weigh and deploy the right amount of assets towards an issue, directly effects its successful management.

How cloud security overcomes the obstacle. Security managed from the cloud relieves a great deal of the resource overload. It provides the additional capabilities at a lesser cost. With this expanded functionality and potential, one can create greater awareness and better visibility across a larger scope of information.

4) Risk/Reward Imbalance. The expense of security does not necessarily pay for itself. It’s a cost center, right? But security must be perceived as more than a purchase of some software and the manpower to run reports.

There are other factors to consider. The balance sheet doesn’t show the lost business because of lack of trust or poor security reputation. It doesn’t show the savings as it prevents proprietary secrets like sales databases walking away to the competition when an angry employee can gain access weeks after termination. It doesn’t show the fines and lost time when compliance isn’t met.

How cloud security overcomes the obstacle. The biggest reason for the risk-reward imbalance is typically the reasons noted already. It’s costly, it takes a certain percentage of manpower, and it’s complex.

But if cloud-based security capabilities remove those obstacles, the balance starts tipping more heavily toward reward.

5) Covered: Log management, by itself, won’t cut it. Neither will just web access control or firewall protection. In some cases, it may bring you up to the letter of the law with regard to compliance, but if security is like a house, the door is locked but all the windows are open.

If you’re of the 30% who truly are properly secured, then stop reading. But if you are most companies, you really don’t have it covered. The excuse is simply code for I have other fires to put out, and it isn’t a large enough issue for me to raise it up on the priority scale. I should know, I use it as a default setting for most sales calls.
How cloud security overcomes the obstacle. Quick answer is a unified security deployment from the cloud allows you to fill in the gaps of where you currently are lacking.

Not consistently monitoring? Check. Not controlling access to certain applications. Check. Not analyzing data and creating escalation alerts in real time? Check. It doesn’t have to be a replacement strategy—get rid of all the investment and hard work you’ve put into a certain systems, solutions, processes and tools.

6) Not attacked: Do you know that for sure? If you are not checking for termites, doesn’t mean your house isn’t infested. Those who think their organizations are too small or too unimportant for hackers to care are only seeing part of the picture. It’s common understanding that it is not an issue of ‘if” anymore, but a measure of “when.” an IT security event will occur.

Still not convinced? Hackers are banking on this thought process to use these systems as stepping stones for larger fish. If your system is open and you connect to larger payment systems or applications, you are open to danger. Second, not every danger is some barbarian at the gate.

How cloud security overcomes the obstacle. Simply apply a 30-day free trial of any of the cloud-based SIEM solutions out there that monitor in real time and you will have your eyes opened into how much activity is pinging your system every day.

7) Lack of expertise: Finding the right person to deploy and manage a top notch security program is tough.

How cloud security overcomes the obstacle. Security-as-a-service builds in the expertise required to monitor, analyse, and manage a strong security presence. Through this version of outsourcing, you not only save on the hard costs of salary, but the soft costs of training, ramp up, benefits, vacations, etc.

There’s no longer an excuse to be part of that 70%!

Leave a Reply

Your email address will not be published.