SECURITY IN THE CLOUDS: THE BUSINESS CHALLENGE

Originally printed in Tom's IT Pro, February 2012. Reprinted with permission.

Laura Paoletti

Laura holds a Bachelor of Science Degree in Computer Information Systems and has been the Vice President IT at NBC-Universal and Disney ABC Television. She has also held positions at Ernst & Young LLP in the Technology practice. In her role she has been responsible for Applications, Infrastructure and Digital Media. Some of her notable accomplishments include the implementation of applications for Digital Media, Marketing, Finance, Manufacturing (supply chain), Sales and Consumer Products; implementation of Enterprise Data Warehousing/Business Intelligence systems.

PART 1: A FUNDAMENTAL SHIFT

Cloud solutions fundamentally shift the way that computing services are delivered.

The business challenge with the Cloud is the ability to address data protection, compliance, and loss of governance. However, the biggest driver is cost savings.

Ten years ago we would have never thought about security in the Cloud. If you think about where you were a decade ago with Information Technology, you'll remember it was a time before server farms, before the rise of SaaS (software-as-a-service); before many of the protocols we use as standards today. It has always been an ever-evolving system of innovations, improvements and, yes, challenges. We've all received that 3am emergency call, and we all have that stack of priority to-dos that never seem to get done, and whether it's staff, budget or resources, we've all been asked to do more with less. But, still, the powers-that-be expect the same level of innovation and iron-clad operation.

It is in that same thought that the idea of security-as-a-service, nee, security from the Cloud, presents itself as the next wave in the obvious evolution in protecting your IT assets.

The Cloud? There's no control in the Cloud. The level of protection can't be as secure as my own home-grown system.
I've invested too much money to change.
These were variations of the same arguments we had ten years ago before companies developed enterprise server farms, outsourced CRM and ERP to offsite services, etc. We've all reaped the benefits from these innovations and paradigm shifts.

I think we can dispel the issue that the Cloud is a fringe component of your overall strategy. Gartner predicts that the total worth of the Cloud computing market will rise to more than $150 billion by 2013. Merrill Lynch agrees. In fact their estimates are slightly more. But that isn't security-as-a-service, you say; well, it will be. So let's explore why it is already the new paradigm.

DID YOU KNOW: Gartner, the nationally respected IT research firm, predicted that the total worth of the cloud computing market will rise to more than $150 billion by 2013. Merrill Lynch agrees. In fact their estimates are slightly more.

Although there are many facets to an enterprise Cloud-based security strategy, let's focus on identity management, but in particular, access management and user provisioning.

Regardless of the function, we all can agree on one thing: traditionally, when it comes to enterprise security, having it is expensive. It is expensive to purchase, expensive to acquire, expensive to license and expensive to procure hardware. Often it is necessary to hire security experts for the implementations, which can be quite extensive and long. As we realized with Cloud-based applications, migrating centralized control of the security features to the cloud realizes an equivalent savings.

The cost reductions can be staggering. Just the implementation costs alone (a 2:1 or 3:1, sometimes higher, ratio of professional services costs to software licenses in traditional physical deployments) are cost prohibitive for many organizations. Cloud-based security can be the great equalizer. With no hardware burdens or software licensing issues, even a $25 million per year company can enjoy the same degree of protection as a Fortune 500 enterprise.
Consider the whole of password management. Results published by Enterprise Management Associates (EMA) estimate that organizations maintain passwords for each of their users at an average cost of $250 every year. What does that mean for your 10,000 employees? That's a total annual cost of $2.5 million just to maintain password control. However, SSO (single sign-on) provides the benefit of centralized password management, which costs much less as compared to the annual costs mentioned above.

According to Forrester Research, it is estimated that the managed cloud services security (MSS) market stands at $4.5 billion.

PART 2: THE CLOUD: SAVINGS AND COST REDUCTIONS

This cost reduction says nothing of the savings an organization experiences from the condensed administration concerns. No more babysitting temperamental systems, no more one-off password retrieval or user rights allocation. When managed from the Cloud, many of these time-consuming, resource-draining activities are taken care of automatically. When Mary from sales brings on a new assistant, a simple role assignment is applied and the new hire has all the rights and applications access their position demands. Department productivity rises simply from the divestiture of these simple tasks and can now be reallocated to higher value priorities.

Another advantage of the Cloud model (beyond the infrastructure, personnel and administrative) is that it is a flexible, pay-as-you-go solution. Is your company reorganizing? Adding a new division or subsidiary? This is no longer an issue because the system allows you to scale up and down as needed.

You may ask the question, why is this necessary now? The days of building out your infrastructure and data centers are less prevalent. Many Cloud companies provide the opportunity to purchase computing as needed, which enables customers to move applications into the cloud. And since power, cooling and space are at a premium, companies are
looking to transition into the cloud to save on costs while getting a scalable solution.

Of course, cost is a significant advantage, but it is still only a single point of consideration for a sea change migration. Let's look at logistics and compliance. Most companies have not thought about security in the way that they need to. If your company is spread over many states, or countries or even different buildings in the same complex, you obviously have a multitude of issues regarding the access and control over who touches the application and when. You have issues with regards to updates, licenses, bug patches and password maintenance. Piled on top of that, if you have PCI (Payment Card Industry), SOX (Sarbanes Oxley) and other requirements for compliance, you must document application usage and provide mechanisms to ensure that your network is safe. Beyond your familiarity with the various policies, procedures and segregations, you must show this control across your expanded enterprise.

Morgan Stanley estimates that by 2015, the mobile web will be bigger than desktop internet. Users now spend more time on Facebook than on any other site. But what does this have to do with enterprise IT? With user expectations about where and how they access information changing dramatically, there'll be growing pressure on IT to make enterprise applications available in similar ways.

This is one of the strongest attributes of security-as-a-service managed from the Cloud: the ability to universally control, administer and direct the necessary action from Los Angeles to London to Mumbai or just down the hall. This provides the ability to authenticate at the enterprise level. What is important is that you don't want your credentials in the cloud. You want to keep your credentials safe by having the ability to authenticate when trying to reach an application based on the customer requirements or accessing applications.
You want to have the ability to use industry standard protocols to connect with the use of agents.
PART 3: KEY CLOUD SECURITY FACTORS

One of the key factors is to provide security services without installing software agents that run at the customer site. What is optimal is to design a security platform to connect with industry standard protocols, which allows scalability and ease of use with customers. This will eliminate the need to deal with hardware and software installations and reduce administrative maintenance.

The Cloud isn't an all-or-nothing proposition; in other words, you do not have to make a choice between on-premise infrastructure security and Cloud security services. You have the opportunity to augment or transition the on-premise enterprise security infrastructure with cloud security services. Best practices prove that Cloud-based security augments any existing terrestrial system. However, the opposite is not true. This means that if you already have Cloud security services you may not want to go back to on-premise security services due to cost, resources, and implementation time.

One Gartner study assumes that 30% of the calls received have to do with password resets and access to applications and devices. In an enterprise of 10,000 employees, this means more than 750k for this service, not to mention the lost revenue from lack of productivity. Password management, specifically one in the clouds, promotes self-service and allows for an immediate savings of more than 50%.

There are several companies on the cutting edge of this technology. This is not to say that being on that edge is risky and just for early adopters. Companies like Microsoft (with Forefront), CloudAccess, FishNet, and Symplified have shown that the Cloud is not just the next step, but a necessary component of your IT strategy for today. The reality of Cloud-based security has already proven as robust, secure and long-term viable as the concept.
Now is the time to look again and reevaluate how your technology assets can be better protected for a fraction of the investment in time, infrastructure and dollars. What I find interesting about some of the Cloud solution providers is that they seem to have figured out how to provide a security-as-a-service platform and address the full spectrum of concerns including the ability to
modularize the powerful and necessary functions of an entire suite of Identity Management, Log Management and WebSSO (single sign-on).

Whether you trust the protection of your IT assets to the Cloud, the choice is ultimately yours. But if you don't, understand that many of your competitors do and are realizing so many benefits: the cost containment, centralized and simplified administration, control and automation, risk reduction, and easier compliance management. Most companies need to be able to rapidly scale up or down and deliver a rich experience across all devices, and cloud solutions are assisting with this. The future is now, and the presence of security is in the cloud.

Industry forecasts indicate that by 2013, 60% of server workloads will be virtualized. And, according to a recent survey, 3 out of 4 professionals recognize the overall power of cloud computing in that it:

- Simplifies IT management
- Improves end-user experience
- Decreases IT performance challenges
- Reduces the cost of infrastructure
- Alleviates internal resource pressures

Let us help you take the next step in IT asset protection. Contact us for a live demo or start a 30-day Free Trial of security-as-a-service managed from the cloud: 877-550-CLOUD