Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
SPONSORED BY
1/26/2018
09:00 AM
Paul Martini
Paul Martini
Partner Perspectives
Connect Directly
Twitter
RSS
50%
50%

Selling Cloud-Based Cybersecurity to a Skeptic

When it comes to security, organizations don't need to look at cloud as an either/or proposition. But there are misconceptions that need to be addressed.

Nearly five years ago, a study conducted by the MIT Sloan Management Review found that the vast majority of business managers surveyed believed that "achieving digital transformation" – the process of virtualizing operations and migrating toward the cloud – was critical to their organizations. Yet the same report showed that 63% of respondents believed their organization was too slow to embrace technological change, primarily due to a lack of communication about the strategic benefits of cloud adoption.

While in recent years the adoption of cloud-based communication and productivity tools has picked up among businesses -- hybrid cloud adoption increased from 19% to 57% of organizations surveyed in a recent McAfee cloud trends report -- many companies are stillskeptical about embracing cloud-based cybersecurity solutions, even as the benefits of cloud services are becoming more widely acknowledged. Still, misconceptions remain. Here are three key objections, and how to dispel them. 

Objection One: My Data Will Be Safer On-Premises.
When the servers that manage company data move from an on-premises data center into a cloud environment, security teams often feel a loss of control due to their lack of physical proximity to sensitive corporate data. Consequently, before blindly trusting a cloud provider, companies need to vet a potential cloud’s security posture by asking probing questions, for example:

  • What compliance certifications has the cloud earned?
  • Can cloud provider meet industry compliance regulations?
  • What is the disaster recovery plan at the data center?
  • How is individual customer data isolated?
  • What encryption policies does the cloud employ?

Every data center and cloud provider should have clear answers to these questions before they are even considered. Even then, security teams should be mindful of the specific requirements of their own organizations and make sure the cloud services they need are available to them.

Objection Two: Do I Have To Go All In On Cloud?
Organizations don’t need to look at cloud in an either/or context. The next generation of cloud security platforms decouple the physical from the cloud, enabling organizations to meet regulatory compliance for data isolation while leveraging the cloud for remote sites and mobile users without increasing resource overhead.

In this context, organizations can leverage as much or as little cloud as they’d like. If they need certain traffic and data isolated to headquarters, organizations can direct that information through local appliances rather than redirect them to cloud-based solutions. Mixing-and-matching cloud-delivered and appliance-based security tools is also a boon for remote workers, as traffic that doesn’t need to necessarily be backhauled to an appliance at headquarters will experience less latency when processed directly through the cloud. Flexibility is at the core of these tools by not restricting customers to solutions that might be an ill fit.

Objection Three: Migration Will Be Too Disruptive
The truth is, the foundational infrastructure of the cloud is quite mature, having been developed and improved upon since the dawn of the Internet. We simply now call it the cloud, and the benefits of adoption have taken a while to funnel up to critical business decision makers. Teams need to simply do their research and find the least disruptive cloud security solution for their business – one that can scale to their needs appropriately and can be implemented seamlessly rather than upend an entire network infrastructure. 

Paul Martini is the CEO, co-founder and chief architect of iboss, where he pioneered the award-winning iboss Distributed Gateway Platform, a web gateway as a service. Paul has been recognized for his leadership and innovation, receiving the Ernst & Young Entrepreneur of The ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-29367
PUBLISHED: 2020-11-27
blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data.
CVE-2020-26245
PUBLISHED: 2020-11-27
npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or sani...
CVE-2017-15682
PUBLISHED: 2020-11-27
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel.
CVE-2017-15683
PUBLISHED: 2020-11-27
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.
CVE-2017-15684
PUBLISHED: 2020-11-27
Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerability which allows unauthenticated attackers to view files from the operating system.