Networking, CSPs

Business Innovation Plus Modern Cybersecurity Require Cloud Services

Share

If you asked any CIO a few years ago about the top reasons to move to the cloud, security wouldn’t be on the list.

LinkedIn: Chris Miller, security practice lead, Avanade

IT efficiency? Check. Speed to market? Check. But security? Not only would it not make the list, it would top another list: Reasons NOT to go to cloud. Security was simply too unknown, too hard to trust. Too hard to control.

How things have changed.

New priorities and challenges in the cloud era

Today’s organizations face numerous evolving challenges across two broad categories: the demands for businesses to innovate, and an evolving threat landscape.

In the first category, enterprises are looking to the cloud to deliver modern workplace experiences, enabling people to work more fluidly, and access their data and applications, anywhere. Similarly, businesses also want to scale their services, innovate and reach the market faster. As a result, the surface of attack for organizations is only getting larger, more complicated and harder to monitor and control (e.g. shadow IT).

In the second category, the threat landscape is evolving at a similar clip. Attackers are leveraging automation, artificial intelligence and social engineering to steal identities, breach perimeters and do damage far faster, at far greater scale than ever before. Microsoft reports identity-based attacks are up 300 percent in the last year. And today, 96 percent of malware is automated and polymorphic, changing its shape every time it infects a new system.

Driving the need for cloud security

In both cases, traditional security approaches, staffing and technologies simply can’t keep up. Worse, in the rush to patch holes and keep attacks at bay, organizations are addressing security issues ad hoc with no integrated strategy, leading to solution sprawl and blind spots.

Businesses know they need a holistic security solution, one that can protect identity and access, encrypt data automatically, detect advanced threats and optimize management and governance. But these are heavy demands, far too expensive, time consuming and complex for most organizations to meet alone. Not only do “Band-Aid approaches” take months or years to put in place, they make things worse and more complex once delivered. No matter how much patching you do, advanced threats are already one step ahead, and your security posture is already obsolete.

Which is where the push for cloud security comes in. Cloud providers are experts at addressing these challenges, and they are evolving their products to make security as simple, scalable and effective as possible.

If your data was money, would you stuff it in the mattress?

Think of it like this: If you have been stuffing money in your mattress all your life, then decided you wanted to move it to a safer place, like a bank, what would you do? Build your own bank and hire security guards 24/7, or walk down the street to the nearest branch and open a savings account?

Today’s businesses face a similar, but obvious choice. Businesses need holistic modern security, and they know they can only get it in the cloud. While it’s obvious major cloud providers have larger budgets, it’s important to note just how much more they have at stake. If they were breached or treated your data irresponsibly, the loss of trust and financial liabilities would be catastrophic

There are a number of key benefits and features of working with cloud providers to support your security.

Chief among them is intelligence. Products such as the Microsoft Intelligent Security Graph, for example, use machine learning to analyze mountains of threat signals data from core applications and devices. It scans billions of Outlook emails, internet searches and devices, every day, to quickly identify and combat new threats.

Then there’s the people smarts and brain power. Cloud providers have legions of highly-skilled security experts, whose sole job is to analyze threat data, then identify and fix vulnerabilities. This brings a level of expertise most enterprises can’t afford to have on their defensive payroll.

Another thing major cloud providers get right is simplicity, helping you reduce the number of solutions in your environment. For example, with built-in security in Microsoft’s most popular cloud products, such as Office 365, Windows 10 and Azure, you no longer need dozens of new security products to protect identity and data and stop advanced threats.

Finally, there are the investments cloud companies make in physical and operational security. From scanning employees for risky USB’s, to red team / blue team exercises, the best cloud companies invest billions every year in maintaining and constantly improving the security of its products. Can your organization say the same thing?

What’s next?

To sum it all up: The drive to the cloud is no longer happening despite security concerns. It’s being accelerated because of them. And although no cloud provider has a perfect record, I think Microsoft offers a great example of this trend. I expect to see it rise in the security world for the next few years as a result.

Leave a comment and let me know where you are placing your big bets in the security space for 2019 and beyond.

Chris Miller leads Avanade's global security practice. Read more Avanade blogs here.

You can skip this ad in 5 seconds