printer friendly version

Security management by cloud

There is no doubt that cloud-based managed security services will be the only way for most enterprises to handle their information security in future.

Frost & Sullivan predicted that the market for Managed Security Service Providers (MSSPs) would grow from $6.66 billion in 2011, to $15.63 billion this year, while a new report by Markets and Markets predicts the market size will grow from $35.54 Billion this year to $76.73 Billion by 2021. Infonetics Research says the managed security market will exceed $9 billion by 2017. In EMEA, a 2014 Frost & Sullivan report predicted the MSSP market would grow to $5 billion by 2018. A growing share of this MSSP market is cloud-based, particularly in small to mid-sized enterprises and for non-critical data and systems.

This growing confidence in cloud-based hosted solutions for securing critical enterprise data is a marked change from attitudes just a few years ago, when enterprises feared for the security of any data hosted in the cloud. They expressed concerns about losing control of their data, the implications of hosting it across borders, and accountability for security breaches.

Now, organisations are moving to benefit from cloud-based managed security services in growing numbers, thanks to the cost savings, advanced protection and operational efficiencies they offer. In South Africa, we are seeing steady growth in the number of MSSPs running multi-tenant solutions.

Cloud-based hosted managed security allows even small and mid-sized businesses to benefit from high-level security skills and solutions they would not be able to procure independently. In many cases, the security services are provided by the same service provider supplying other hosted services, simplifying the overall management of the organisation’s systems and applications. Concerns about where data is hosted are falling away as local hosting centres proliferate and organisations become accustomed to regularly using internationally-hosted cloud-based tools.

The benefits are proving to be significant: access to specialised security skills and the latest threat protection, a lower total cost of ownership, less management complexity and greater ease of use. The only potential drawbacks of using a cloud-based MSSP would be the loss of a certain amount of control over the organisation’s data, and the potential for SLAs to inadequately spell out all processes and accountability.

For this reason, it is crucial for in-house IT and risk management to carefully scrutinise the credentials and SLAs presented by MSSPs, addressing questions like guarantees on DDoS protection, risk audits, recovery times and penetration testing procedures. Responsibilities, liabilities and penalties must be clearly spelt out. Organisations must also take responsibility for those components of information security that are out of the hands of the MSSP – including employee risk, mobile risk, unsecured corporate Wi-Fi hot spots, the effective encryption of data in transit and the need to have backups of backups to mitigate the impact of data being wiped.

Share this article:

Further reading: