Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
SPONSORED BY
1/26/2018
09:00 AM
Paul Martini
Paul Martini
Partner Perspectives
Connect Directly
Twitter
RSS
50%
50%

Selling Cloud-Based Cybersecurity to a Skeptic

When it comes to security, organizations don't need to look at cloud as an either/or proposition. But there are misconceptions that need to be addressed.

Nearly five years ago, a study conducted by the MIT Sloan Management Review found that the vast majority of business managers surveyed believed that "achieving digital transformation" – the process of virtualizing operations and migrating toward the cloud – was critical to their organizations. Yet the same report showed that 63% of respondents believed their organization was too slow to embrace technological change, primarily due to a lack of communication about the strategic benefits of cloud adoption.

While in recent years the adoption of cloud-based communication and productivity tools has picked up among businesses -- hybrid cloud adoption increased from 19% to 57% of organizations surveyed in a recent McAfee cloud trends report -- many companies are stillskeptical about embracing cloud-based cybersecurity solutions, even as the benefits of cloud services are becoming more widely acknowledged. Still, misconceptions remain. Here are three key objections, and how to dispel them. 

Objection One: My Data Will Be Safer On-Premises.
When the servers that manage company data move from an on-premises data center into a cloud environment, security teams often feel a loss of control due to their lack of physical proximity to sensitive corporate data. Consequently, before blindly trusting a cloud provider, companies need to vet a potential cloud’s security posture by asking probing questions, for example:

  • What compliance certifications has the cloud earned?
  • Can cloud provider meet industry compliance regulations?
  • What is the disaster recovery plan at the data center?
  • How is individual customer data isolated?
  • What encryption policies does the cloud employ?

Every data center and cloud provider should have clear answers to these questions before they are even considered. Even then, security teams should be mindful of the specific requirements of their own organizations and make sure the cloud services they need are available to them.

Objection Two: Do I Have To Go All In On Cloud?
Organizations don’t need to look at cloud in an either/or context. The next generation of cloud security platforms decouple the physical from the cloud, enabling organizations to meet regulatory compliance for data isolation while leveraging the cloud for remote sites and mobile users without increasing resource overhead.

In this context, organizations can leverage as much or as little cloud as they’d like. If they need certain traffic and data isolated to headquarters, organizations can direct that information through local appliances rather than redirect them to cloud-based solutions. Mixing-and-matching cloud-delivered and appliance-based security tools is also a boon for remote workers, as traffic that doesn’t need to necessarily be backhauled to an appliance at headquarters will experience less latency when processed directly through the cloud. Flexibility is at the core of these tools by not restricting customers to solutions that might be an ill fit.

Objection Three: Migration Will Be Too Disruptive
The truth is, the foundational infrastructure of the cloud is quite mature, having been developed and improved upon since the dawn of the Internet. We simply now call it the cloud, and the benefits of adoption have taken a while to funnel up to critical business decision makers. Teams need to simply do their research and find the least disruptive cloud security solution for their business – one that can scale to their needs appropriately and can be implemented seamlessly rather than upend an entire network infrastructure. 

Paul Martini is the CEO, co-founder and chief architect of iboss, where he pioneered the award-winning iboss Distributed Gateway Platform, a web gateway as a service. Paul has been recognized for his leadership and innovation, receiving the Ernst & Young Entrepreneur of The ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3142
PUBLISHED: 2021-01-28
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-35128. Reason: This candidate is a reservation duplicate of CVE-2020-35128. Notes: All CVE users should reference CVE-2020-35128 instead of this candidate. All references and descriptions in this candidate have been removed to preve...
CVE-2020-35124
PUBLISHED: 2021-01-28
A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads.
CVE-2020-25782
PUBLISHED: 2021-01-28
An issue was discovered on Accfly Wireless Security IR Camera 720P System with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CNetClientManage::ServerIP_Proto_Set during incoming message handling.
CVE-2020-25783
PUBLISHED: 2021-01-28
An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated heap-based buffer overflow in the function CNetClientTalk::OprMsg during incoming message handling.
CVE-2020-25784
PUBLISHED: 2021-01-28
An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CNetClientGuard::SubOprMsg during incoming message handling.