Virtualization Technology News and Information
Mimecast 2016 Predictions: Phasing Out 'DIY Security' for Cloud-Based Solutions

Virtualization and Cloud executives share their predictions for 2016.  Read them in this 8th Annual series exclusive.

Contributed by Orlando Scott-Cowley, Cyber-Security Strategist, Mimecast

Phasing Out 'DIY Security' for Cloud-Based Solutions

It's no stretch to say that in 2016, we'll see more and more companies begin to move their operations to the cloud - after all, we've already been watching that trend in full force. Rather, the more interesting development we'll see over the coming months and beyond is a specific shift to cloud-based security - not just for standard cyber-security practices, but more targeted security mechanisms for email, mobile, DLP and the Web.

But, all of this raises the question, why now? Why are enterprises making the move to the cloud for security reasons in 2016, and not one year ago or one year in the future?

To put it simply, it's because more and more companies are beginning to realize that their traditional means of protecting themselves - their do-it-yourself (DIY) approaches to cyber-security - just aren't cutting it anymore. And, the more time passes, the more "not cutting it anymore" becomes a bigger threat factor. Cyber threat actors, after all, aren't sitting idly by; they're becoming more sophisticated and deploying attacks with greater impact. The longer enterprises stick to their usual means of cyber-security, the more they put themselves at risk.

The End of DIY Security on Premises

Perhaps the greatest example of DIY cyber-security is on premises - the tried-and-true environment for businesses before the cloud ever came along. There are many enterprises who don't think their core business merits doing anything special or necessary for extra cyber-security. Consequently, they may be hesitant to leave behind that environment for the cloud - especially as the media coverage around data breaches might have you believe that the cloud is less secure than on premises.

But, the reality is much different: regardless of media hype, the cloud is widely recognized within the industry to be at least as secure as an on premises environment, if not more so, and does so while offering greater connectivity between a company's users.

Just consider, how many businesses even purchase on premises services anymore? Who is actually seeking out the old ways of locking users and data behind firewalls, keeping them trapped in that one isolated environment? Gating network and email access just isn't practical anymore - employers and employees want to be able to access their data remotely and on mobile devices, so they can connect to and share with one another freely.

Cyber-security isn't an impenetrable wall that your data should be locked behind anymore. The cloud allows to you to secure your communications and protect yourself from threats - whether spear-phishing, cybercrime-as-a-service or whaling attacks - while still being able to share data with each other.

The On Premises Holdouts

Of course, not everyone needs to move to the cloud. There are some industries - particularly government - that will only operate on their uniquely tailored environments. Agencies like the CIA and NSA, or defense contractors like B2G partners, use entirely separate communications security infrastructures to keep themselves insulated from the risk of attack.

For these organizations, on premises makes sense. There are, after all, stringent compliance requirements for groups that work in national security. As a result, these organizations will likely remain with on premises and stay away from the cloud for a long while.

What a Reputable Cloud Provider Will Look Like

But, your average enterprise isn't the CIA, and doesn't have the robust on premises infrastructure that these agencies have. So, for these enterprises, migrating to the cloud makes sense. But, it's important that those companies looking to move to the cloud do their homework first - after all, if the type of DIY security you're used to doesn't make the standard anymore, then they need to take a look at what does determine that standard.

Don't just take a cloud provider's sales' or marketing reps' word at face value. Talk to their CISOs about how their cloud architectures are set up, how they segregate your data from others' and prevent cross-contamination of accounts. Run through cyberattack scenarios with them. Look for ISO certifications that demonstrate that they're a reputable vendor. And, don't be afraid to be too much of a control freak in this area.

Cloud Adopters Will Come to Recognize the Need for Supplemental Security

Hand-in-hand with the realization that DIY on premises security doesn't cut it anymore is also the realization that the built-in security features of cloud environments like Microsoft's Office 365 and Google Apps for Work won't cut it for long, either.

Many businesses not previously on the cloud are taking their first steps into the cloud environment through such providers. And, as enamored as users will be with them right out of the box, more and more will realize - and are already beginning to realize - that they will need to adopt additional services and tools to supplement their security needs.

Just as businesses will be phasing out their DIY means of on premises security for cloud environments, such cloud adoption will also help inspire discussions about the kinds of cloud security that these companies need beyond what their cloud platforms offer.

Those discussions will continue to take shape as real actions toward multilayered security services in the year ahead. 


About the Author

Orlando Scott-Cowley, a cyber-security strategist, joined Mimecast in 2006 in the company's infancy and has been a key part of the company's growth in the UK and USA markets. A technologies graduate, CISSP and CCSK, he has a deep background in IT Security and 17 years of high-level Technical Consultancy experience, ranging from security & risk consultancy to penetration testing and more.

Orlando writes and speaks for influential publications and events in the UK and US on a variety of topics, including security, risk, compliance and the emergence of cloud and SaaS technologies.
Published Monday, January 11, 2016 3:54 PM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<January 2016>