Partner Perspectives  Connecting marketers to our tech communities.
SPONSORED BY
1/26/2018
09:00 AM
Paul Martini
Paul Martini
Partner Perspectives
Connect Directly
Twitter
RSS
50%
50%

Selling Cloud-Based Cybersecurity to a Skeptic

When it comes to security, organizations don't need to look at cloud as an either/or proposition. But there are misconceptions that need to be addressed.

Nearly five years ago, a study conducted by the MIT Sloan Management Review found that the vast majority of business managers surveyed believed that "achieving digital transformation" – the process of virtualizing operations and migrating toward the cloud – was critical to their organizations. Yet the same report showed that 63% of respondents believed their organization was too slow to embrace technological change, primarily due to a lack of communication about the strategic benefits of cloud adoption.

While in recent years the adoption of cloud-based communication and productivity tools has picked up among businesses -- hybrid cloud adoption increased from 19% to 57% of organizations surveyed in a recent McAfee cloud trends report -- many companies are stillskeptical about embracing cloud-based cybersecurity solutions, even as the benefits of cloud services are becoming more widely acknowledged. Still, misconceptions remain. Here are three key objections, and how to dispel them. 

Objection One: My Data Will Be Safer On-Premises.
When the servers that manage company data move from an on-premises data center into a cloud environment, security teams often feel a loss of control due to their lack of physical proximity to sensitive corporate data. Consequently, before blindly trusting a cloud provider, companies need to vet a potential cloud’s security posture by asking probing questions, for example:

  • What compliance certifications has the cloud earned?
  • Can cloud provider meet industry compliance regulations?
  • What is the disaster recovery plan at the data center?
  • How is individual customer data isolated?
  • What encryption policies does the cloud employ?

Every data center and cloud provider should have clear answers to these questions before they are even considered. Even then, security teams should be mindful of the specific requirements of their own organizations and make sure the cloud services they need are available to them.

Objection Two: Do I Have To Go All In On Cloud?
Organizations don’t need to look at cloud in an either/or context. The next generation of cloud security platforms decouple the physical from the cloud, enabling organizations to meet regulatory compliance for data isolation while leveraging the cloud for remote sites and mobile users without increasing resource overhead.

In this context, organizations can leverage as much or as little cloud as they’d like. If they need certain traffic and data isolated to headquarters, organizations can direct that information through local appliances rather than redirect them to cloud-based solutions. Mixing-and-matching cloud-delivered and appliance-based security tools is also a boon for remote workers, as traffic that doesn’t need to necessarily be backhauled to an appliance at headquarters will experience less latency when processed directly through the cloud. Flexibility is at the core of these tools by not restricting customers to solutions that might be an ill fit.

Objection Three: Migration Will Be Too Disruptive
The truth is, the foundational infrastructure of the cloud is quite mature, having been developed and improved upon since the dawn of the Internet. We simply now call it the cloud, and the benefits of adoption have taken a while to funnel up to critical business decision makers. Teams need to simply do their research and find the least disruptive cloud security solution for their business – one that can scale to their needs appropriately and can be implemented seamlessly rather than upend an entire network infrastructure. 

Paul Martini is the CEO, co-founder and chief architect of iboss, where he pioneered the award-winning iboss Distributed Gateway Platform, a web gateway as a service. Paul has been recognized for his leadership and innovation, receiving the Ernst & Young Entrepreneur of The ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Well, at least it isn't Mobby Dick!
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-9923
PUBLISHED: 2019-03-22
pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.
CVE-2019-9924
PUBLISHED: 2019-03-22
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.
CVE-2019-9925
PUBLISHED: 2019-03-22
S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter.
CVE-2019-9927
PUBLISHED: 2019-03-22
Caret before 2019-02-22 allows Remote Code Execution.
CVE-2019-9936
PUBLISHED: 2019-03-22
In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.