SecurityBrief Asia logo
Asia's leading source of cybersecurity and cyber-attack news
Story image

​Expert says pay-as-you-go cybersecurity model is the future

FYI, this story is more than a year old

The “by the glass” consumption model, whereby businesses pay for IT resources and services as and when they need them, offers widely accepted financial and operational benefits that promote agility, scalability, and digital transformation.

The model is already working in the cloud and for IT. Leading cloud service providers such as Amazon Web Services (AWS), Microsoft, and Google all now charge by smaller and smaller increments, allowing customers access to services on an as-needed basis. For instance, AWS has been boldly aggressive in formulating its consumption model, actually charging customers for services used by the second. Business leaders should follow suit and challenge their CISOs if they are not adopting cloud as the platform that allows this change in consumption models.

There is no reason we should not be embracing this same idea for cybersecurity – a sector which unfortunately remains largely rooted in a procurement and deployment model that often results in over-provisioning, security silos, and management challenges. Security needs to have the capacity to not only respond in a timely fashion, but also adapt; maximum capacity is not needed at all times. Changing the consumption model from big-hardware investments to a pay-for-what-you-use model is vital.

Aligning stakeholder priorities

It goes without saying that the need for business executives and technical leaders to be on the same page – particularly in terms of priorities for deploying IT resources and services – is important to achieve business goals. However, more and more often, we run into examples where the two camps find themselves staring at a crossroads from two different perspectives.

Analysts have found that 67% of business leaders and board members are pushing CIOs, CISOs, and other technical leaders to evolve their services and approaches faster and more aggressively. Board members have climbed aboard the digital-transformation bandwagon, and they want their organisations to move quicker than their competitors toward that goal.

Research from Palo Alto Networks' cloud security study which surveyed 500 CISOs in eight countries indicates that most cybersecurity executives believe things might be moving too fast for them to properly assess risks and their implications. Board members and business leaders have fast become big believers in the notion of “disposable IT,” which imposes a smaller footprint on enterprises, while providing greater agility and, potentially, cost savings. Many CISOs, however, are still in a traditional mindset of purchasing multiyear licenses for security, backed up by a lot of testing, risk analysis, and methodical decision-making. Organisations must find ways of spanning the chasm between the “go faster” mandate from the board and the “let's tame the cyber-risk monster” philosophy of the CISO?

Coordinating consumption

Businesses should pay heavy attention to actual usage patterns of IT and cybersecurity and how security maps to IT services, helping ensure cybersecurity consumption models mirror IT consumption models. For instance, if your IT organisation has adopted say, a DevOps process, your IT usage and availability profile could change every week, every day, or perhaps even every few hours. Security consumption must align with those IT-usage trend lines.

The process can be viewed by imagining a three-legged stool. First, there's an operational need; second, the developers build the solution to meet that need; and, third, security must be bound to those operational and development cycles. Unfortunately, DevOps—so far—doesn't typically include this security leg.

Business leaders are demanding real-time adaptation of software to match operational requirements, and security must match that every step of the way. If not, new DevOps scenarios and requirements will have come and gone before the security team can figure out what was needed—yesterday. 

Hence, there's a need to shift from DevOps to DevSecOps, where security is natively part of the DevOps process.

Future-proofing business

Adopting a pay-as-you-go cybersecurity consumption model enables the agility, responsiveness, scalability, and cost efficiency today's application-development and deployment cycles require.

Organisations that hesitate moving this way are likely to find themselves over-investing in security capex and not being able to pivot on a dime when new risks emerge. Case in point: I recently meet with a CIO who wanted to transform his company's data center, and he told me it took an inordinately long amount of time re-architect, get approval, and roll it out. So much so that he admitted that, today, the centre is already out of date. Getting caught up in monolithic, long-term investments simply doesn't make sense if you wish to remain competitive in the increasingly digitised markets.

Which brings us back to that tension between the business side and the technical side when it comes to security solutions which can occur when there is a disparity between business executives' and CISO's depth of knowledge about cybersecurity.

Moving to a pay-as-you-go model of cybersecurity consumption is a win-win for both the business leaders and the CISO. Both parties are safe in the knowledge that their data, business processes, routes to market, intellectual property, and sources of competitive advantage are protected against cyber threats. Moving to this model affords the business greater digital agility while avoiding over-provisioning, keeping its executives and board members happy. Meanwhile, the model ensures that the organisation is completely protected from cyber threats no matter how fast the organisation's development. It also prevents the organisation from under-provisioning on cybersecurity, also keeping the CISO happy

If your organisation is going to have disposable IT as its new paradigm for digital transformation, and you intend to align cybersecurity with it, this changing world might leave CISOs feeling pressured to keep pace. But it doesn't have to be a harrowing experience, especially if there's a plan to move to a by-the-glass model for security, as well.

Discovering and thwarting breaches before they happen – and doing so against a rapidly evolving and increasingly innovative set of bad actors – can become prohibitively expensive and very manpower-dependent. As noted above, bringing cybersecurity into the mix is that third leg of the stool. Pay-as-you-go security enables agility, reduces costs, and can speed response times (since there is no limit to capacity).

Related stories
Top stories
Story image
Malware
Black Lotus Labs discovers new, multipurpose malware
Black Lotus Labs, the threat intelligence team at Lumen, has discovered a new, rapidly growing, multipurpose malware written in the Go programming language.
Story image
Distributed Denial of Service
Sysdig reveals a loss of $53 for every $1 cryptojackers gain
The 2022 Sysdig Cloud Native Threat Report breaks down supply chain attacks against containers and how geopolitical conflict influences attacker behaviours.
Story image
Firewall
Barracuda accelerates growth in its data protection business
Barracuda cloud-to-cloud backup protects against evolving cyber threats, such as ransomware, and is now transactable in the Azure Marketplace.
Story image
Apple
Jamf shows intent to acquire mobile security firm ZecOps
This acquisition positions Jamf to help IT and security teams strengthen their organisation’s mobile security posture.
Story image
Work from home
Jamf showcases new products to simplify and secure work
At the 13th annual Jamf Nation User Conference, the company shared how its continuous product innovation is helping organisations succeed with Apple.
Story image
Network Management
Fortinet introduces enhanced AIOps across its gateways
FortiAIOps builds on Fortinet's rich history of developing artificial intelligence to deliver actionable network insights for self-optimising management.
Story image
Kaspersky
Cybersecurity loopholes prevalent in South East Asia
In terms of the share of vulnerabilities with publicly available exploits, three countries out of top five are located in Southeast Asia.
Story image
Cloud
How modern IT architectures are moving beyond network visibility
Dealing with multiple cloud providers makes it difficult to identify security threats and performance bottlenecks and troubleshoot issues.
Story image
Malware
Kaspersky uncovers new malicious malware NullMixer
Kaspersky researchers have uncovered a new malware stealing users credentials, address, credit card data, cryptocurrencies, and accounts.
Story image
Cybersecurity
Employees unsure who to go to to report security incident
A new study shows more than 20% of the untrained global workforce do not know who to contact during a security breach.
Story image
Hybrid Cloud
Hybrid cloud security driving need for deep observability
Gigamon is bringing application and network-level intelligence together to help network, security, and cloud IT operations teams eliminate security blind spots.
AWS Marketplace
Whitepaper: A practical guide for mitigating risk in today’s modern applications
Link image
Story image
Cybersecurity
StackHawk launches deeper API security test coverage
Expansion of test coverage includes custom scan discovery, custom test scripts and custom test data for REST APIs.
Story image
Malware
SonicWall threat report mid-year update highlights significant threat variance
The 2022 SonicWall Cyber Threat Report mid-year update from SonicWall gives an in-depth insight into many of the current trends across the threat landscape.
Story image
Cybersecurity
Kaspersky updates endpoint detection and response solution
"One of the goals was to make all the solutions capabilities accessible for all types of our users, even those who are making their first steps in EDR."
Story image
Cybersecurity
Video: 10 Minute IT Jams - An update from SearchInform
Val Novoselova joins us today to to discuss new trends in the information security space, and how SearchInform is adapting to some of the new trends we are seeing.
Story image
Mobile Device Management
How to easily scale your mobile workforce and devices for the peak shopping season
Retailers are under constant pressure to streamline processes and become more efficient while looking for ways to improve customer satisfaction levels.
Story image
Cybersecurity
Best practices for industrial cyber resilience
Operational technology (OT) security is gaining more attention than ever before, but sufficient understanding of what it takes to prevent breaches is still lacking amongst many organisations.
Story image
Cybersecurity
De-risking the innovation cycle – a modern, real-time approach to security
Many organisations see cybersecurity as an inhibitor of innovation, with burdensome protection measures standing in the way of progress and speed.
Story image
Data Protection
Cloudflare brings Data Localisation Suite to more APAC businesses
This allows any business in these countries to service their data locally while benefiting from the speed, security, and scalability of Cloudflare’s global network.
Story image
Enterprise
Delinea shares the importance of PAM, partners and security for modern enterprise
Identity-based security is becoming a crucial tool for modern enterprises as they continue to adapt to different working environments.
Story image
Software-as-a-Service
Varonis adds secrets discovery to data classification
The data security firm announces enhancements that detect and remediate overexposed private keys, encryption certificates, API keys, and authentication tokens.
Story image
Virtual Private Network
95% of organisation rely on VPN as threats continue - report
There is a growing number of VPN-specific security threats and a need for Zero Trust security architecture in enterprise-level organisations.
Story image
Ransomware
Commvault unveils early warning system, Metallic ThreatWise
A first among data protection vendors, the new cyber deception service detects and contains ransomware threats.
Story image
Cybersecurity
Ransomware attacks continue to increase, report finds
Nearly a quarter of businesses have suffered a ransomware attack, with a fifth occurring in the past 12 months.
Aws Marketplace
Learn how to implement a backup and recovery plan for a new generation of Kubernetes-based modern applications
Link image
Story image
Artificial Intelligence
Ordr improves security and management of connected devices
It has implemented more than 80 integrations within the Ordr Data Lake while adding security enhancements to accelerate zero trust segmentation.
Story image
IT Training
Six ways to transform your cybersecurity training and influence lasting change
If the goal is to win hearts and minds, formal awareness training can fall short and often doesn’t inspire people to care.
Story image
Threat intelligence
Trellix advances threat intelligence with new research centre
Trellix has announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Story image
Cloud Security
75% of AU companies had cloud security incident in past year
According to new Venafi research, complexity is due to increase, as companies plan to host more applications in the cloud.
Story image
Secure Code Warrior
Secure Code Warrior announces Coding Labs innovation
Coding Labs mechanisms allow developers to move from learning to applying secure coding knowledge more efficiently, leading to fewer code vulnerabilities.
Story image
Malware
Cybereason delivers nation-state level of protection to enterprises
Cybereason has announced new advancements in Cybereason NGAV that deliver nation-state level protection for organisations of all sizes.
Story image
Phishing
Vectra Protect team finds Microsoft Teams vulnerability
The Vectra Protect team identified a post-exploitation opportunity in August, allowing malicious actors to steal valid user credentials from Microsoft Teams.
Story image
Cybersecurity
Test your API Security with Infinite API Scanner
The effectiveness of API scanning technology can mean the difference between successful and unsuccessful programming outcomes, and often enterprises and IT leaders struggle to get it right.
Story image
Legacy
Trellix enables greater cyber resiliency with extended XDR platform
"Legacy SIEM technology has failed to modernise security operations. We are confident Trellix XDR fills this critical gap.”
Story image
Ransomware
Delinea updates DevOps security, remote access more seamless
New enhancements include development support on the most recent Mac computers and improved secrets' management usability through automation.
Story image
Malware
Decrease in malware volume, but surge in encrypted malware
The Q2 Internet Security Report found office exploits continue to spread more than any other category of malware.
Story image
Software-as-a-Service
Enterprises yet to fully commit to cybersecurity - CompTIA
“Digital transformation driven by cloud and mobile adoption requires a new strategic approach to cybersecurity, but this poses significant challenges."
Story image
Edge Security
Security practices for modernising the “spaghetti” of on-premises IT
Many organisations are wondering how to securely modernise their workload, often made up of a “spaghetti” of on-premises applications and management consoles.
Story image
Cybersecurity
Macroeconomic headwinds driving security up priority list
Current macroeconomic headwinds are driving security up enterprise’s priority list and reshaping the hardware Security Module market.