Opinion: Avecto’s Andrew Avanessian looks at how to coordinate your security in the cloud.
Over the past ten years there have been few buzzwords as commonly heard in the IT industry as ‘cloud’. I think it’s probably fair to say that a number of people using it in the early days weren’t really sure what it meant.
However, we’ve moved from a period of excitement and wonder to one where a significant proportion of organistions are making the most of what cloud has to offer. Indeed, a recent survey by RightScale Inc., a cloud portfolio management service, suggests more than 90% of businesses are using some form of cloud technology.
Scalability, flexibility, quick upgrades and the ability for smaller companies to access top-of-the-range technology are all reasons why the worldwide public cloud market is forecast to reach $204 billion in 2016, according to Gartner. Similarly, IDC predicts that total global spend on IT infrastructure products for deployment in cloud environments will increase by 18.9% in 2016 to reach $38.2 billion. In comparison, spending on enterprise IT infrastructure deployed in non-cloud, environments will decline by 4%. This is a technology segment that has been on the up for a very long time.
It’s a massive business for cloud providers too. Microsoft currently has 14 data centres across the globe for its Azure platform, and it announced at the end of last year that it would be opening data centres in the UK too. These are incredibly large with many over 300,000 sq ft, illustrating the sheer scale of the industry.
That’s not to say that there aren’t still reservations from companies looking to move into the cloud. Barriers are different depending on whether you’re an SME looking to transfer your entire estate, or a multi-national organisation wanting to migrate one element of your network. It’s not a simple process to move your estate and many organisations would be wise to consider hybrid systems – a mix of cloud and on-premise. Regardless, one issue has always remained constant for CIOs everywhere: security.
The risks of a data breach – either by a malicious outside hacker or rogue insider – are well documented, and becoming more acute with each big company name that falls victim and has their name splashed about the press.
Initially the concerns centred around handing data over to a third-party to manage and the perceived lack of control associated. However, this has largely been a non-issue, with large cloud providers offering a level of security that most other companies wouldn’t be able to achieve.
A situation that is less mature – in the sense that many companies will still perceive it as an issue without a solution – is how endpoint security is managed in the cloud.
Typically, endpoint security is managed on-premise and a control system will sit on the corporate network. From here policies regarding elements such as privilege management and application control can be issued, devices can be monitored and an IT manager can gain total visibility of what is going on within their network.
But once this network actually resides in the cloud, that means the traditional on-premise management platform is less effective. With cloud enabling seamless remote working, can your on-premise platform cope with home-working employees or those working on-the-go? Will your endpoint security solutions follow them out of the walls of the office? The ‘perimeter’ no longer exists and endpoints – and the users operating them – will be targeted wherever they are.
Furthermore, one of the main benefits of a cloud-based infrastructure is the ability to scale up and down quickly. If you can scale up users in a flash, can you also scale up endpoint security policies at the same pace? Or will your infrastructure leave your security playing catch-up?
What businesses need to do to counter this is bring their endpoint security management into the cloud too.
A cloud management platform not only allows IT managers to deploy policies to remote users, it even allows IT managers to carry out this role remotely – something that many wouldn’t have thought possible in the past.
Furthermore, it can scale your endpoint policies in tandem with your network and users meaning you can ensure all your endpoints are secure even when your user base is in flux.
Endpoint security solutions are becoming more diverse and next-generation technologies overtaking more traditional forms, and the need for businesses to keep on the front-foot against ever evolving security threats has never been greater. As time passes and companies migrate more and more of their infrastructure to the cloud, the need for a cloud-based management platform to manage endpoint security is only going to grow. With the benefits on offer, it’s something IT managers should look at closely.
Andrew Avanessian is vice-president at Avecto