The old approach of guarding the network and erecting perimeter defences no longer holds true in a rapidly evolving digital world driven by cloud and mobility. As organizations move an increasing proportion of IT capability out of their own data centers and into cloud services, the challenge of security is ever-present.
According to a survey conducted by Osterman Research, 92 percent of organizations store at least some of their sensitive data in the cloud-based services like Salesforce, Office 365, and Dropbox, etc. In this increasing complexity, organisations face stiff challenges when choosing, planning for and deploying security solutions in the cloud.
“Traditional, perimeter-focused security models that sufficed for an on-premises world are no longer effective in a cloud-centric reality,” says Sam Ghebranious, who heads up cybersecurity organisation Forcepoint in Australia and New Zealand.
“IT decision-makers must address new and innovative ways of protecting their corporate data that now resides on-premises, on mobile devices, and in the cloud,” adds Ghebranious.
The litany of security challenges in this new era of cloud-only, hybrid cloud and on-premises delivery models makes it essential that organizations undertake a proactive re-evaluation of their security posture and strategy.
With insider threats becoming more prevalent, it’s more important than ever for organisations to understand human behaviour and how staff interact with company data.
This allows organisations to take a human-centric approach to threat prevention based on that information.
A report by Osterman Research, sponsored by Forcepoint, compares the advantages and disadvantages of using different approaches to securing a company’s cloud data.
Below are the two approaches recommended in the report, and the pros and cons of each.
The two general approaches to addressing whichever pattern is most relevant are integrating best-of-breed products to create a unified security posture or using a unified solution that delivers an integrated best-in-class security posture.
Osterman Research says both of these approaches have advantages and disadvantages.
Integrating multiple products is based on the idea that different vendors have different strengths, and that one vendor is unlikely to offer a complete suite of defensive tools.
Organisations proceeding down this path take on-board the responsibility to identify, provision, and integrate the right mix of products to address current and emerging threats.
Vendors developing a unified security solution attempt to create a wide-ranging offering with as many separate capabilities as well integrated as possible, with usage and management coherency across the different modules and subsystems.
A single pane of glass approach can manage all of the available capabilities, as opposed to having separate and different management interfaces.
Organisations that are able to use fewer security products that individually offer more capability are likely to have a lower total cost of ownership and a higher overall level of security.
Fewer, separate products mean lower coordination and configuration costs both initially and over time, a unified end-to-end security solution is likely to provide the best coverage against current, new and emerging threats.
The threatscape is expanding as organisations are migrating more and more of their data and IT functionality to the cloud.
These trends are creating a situation in which the old security models no longer work as well as they once did and must be carefully re-evaluated, new security models must adopted, and new strategies developed to ensure that all sensitive corporate data, regardless of its location, can be adequately protected.
Choosing the right security vendors – arguably a more important priority in the cloud era than it ever was in the on-premises era – must be among the highest priorities for both IT and business decision makers.
“The right vendor needs to provide full visibility and protection of data in the cloud based on a risk-adaptive security approach to ensure round the clock protection of business-critical information," says Ghebranious.