What is Cloud-Based Security? Cloud-based Security = Security Management + Cloud Computing.
What is Cloud-Based Security? Cloud computing is: IT services via the internet from an external service provider the most important recent trend in IT technology
What is Cloud-Based Security? With Cloud Computing, you can eliminate investments in: Servers and other network equipment, Software installed on in-house computers In-house IT staff Business Software Version 3.2
What is Cloud-Based Security? In the same way, Cloud-Based Security Solutions: Provide security users with security management services using an internet connection Do not require users to invest in onsite equipment such as dedicated servers network video recorders or other infrastructure. Security Management Software Version 4.0
Cloud computing: an analogy Cloud computing acts a central utility for IT services, Tenant providing software, storage, data management and infrastructure services to multiple users, or tenants Tenant Central Service Provider Tenant Tenant Tenant
Cloud computing: an analogy So cloud computing is similar to receiving electricity from a central provider via the grid
Cloud computing versus SaaS
In other words:
Access Control as a Service (ACaaS) Overview: All access management activity, data and applications are managed on external storage and server facilities. With ACaaS, security end users can access all system activity via a browser from any location without requiring any software installation on their own devices or onsite servers
Video Surveillance as a Service (VSaaS) Typical set up 1: An external service provider stores all system data at their own facilities. Using this method, video data can be streamed to the end users from the external provider s site.
Video Surveillance as a Service (VSaaS) Typical set up 2: Digital video recorders are linked via an internet connection and all video is data available to end users anywhere via a web browser. This method allows end users to manage data conveniently without having to entrust management sensitive video footage to an external provider.
Benefit 1 Initial setup costs are much lower than traditional systems End users do not need to make large equipment purchases for cloud-based solutions, as the infrastructure that they require already exists at the service provider s site. This makes cloud-based security a cost effective solution for many smaller organizations.
Benefit 2 Payment model reduces total cost of ownership (in theory) Because initial costs are reduced significantly and because cloud computing resources are shared by multiple users who pay only for what they use through a flat subscription fee, Security as a Service theoretically brings down the cost of ownership considerably for end users. (Though this depends on the actual price of the subscription).
Benefit 3 Cloud-based solutions can be deployed (and decommissioned) much more quickly Cloud-based security solutions are much lighter than traditional server-based security systems as they do not require software installations or complex server setups. Site 2 Site 1 Site 3 This makes them easier and quicker to install. It also means cloud-based solutions can be scaled back equally easily. Site 4
Benefit 4 Data security is increased in several ways Security data stored on the cloud is backed up on multiple, geographically-dispersed sites making them less vulnerable to equipment failure, natural disasters or security breaches on the premises. Data is also protected by strict encryption protocols.
Current Concerns Very difficult to delete data on the cloud, including sensitive private company data Upgrades are controlled by service provider - users have less control about how services are upgraded to suit requirements Security of users data highly dependent on the viability of the cloud security service provider
Due diligence checklist Questions to ask prospective cloud security vendors: How does the vendor guarantee data security and data privacy? What data encryption standards are in place? Where are servers located? If servers are in a different geographical region, is the vendor in compliance with all relevant regulations for security and legal compliance data? Who is accountable for any security breaches? What are the service agreement arrangements for security failure scenarios? Who is responsible for managing security incident responses? How is data stored?
Due diligence checklist Questions to ask prospective cloud security vendors: Is the data for multiple users stored separately or pooled together? Does the vendor use the facilities of another external party? How do they ensure that this vendor is reliable? What opportunities for system integration are available? What kind of service level agreement does the vendor offer? What options for solution customization are there? Does the vendor have demonstrated performance with similar organizations?