“The cloud” as a phrase has been defined to death, and yet for many people it remains as mysterious as its natural namesake. In Gizmodo, Adam Clark Estes writes that “[the] Cloud is a buzzword that vaguely suggests the promise and convenience of being able to access files from anywhere.”
Replace “files” with “threat protection,” and what remains is a lukewarm definition of cloud-delivered security. However, there’s one enormous difference: cloud-delivered security has evolved in the past few years beyond a mere nice-to-have feature—it’s a burgeoning security model that’s disrupting the industry and making protection more accessible than ever.
However, this again brings us to defining the cloud though through a security lens. What does “cloud-delivered security” actually mean?
One could say “cloud” solutions mean there’s no box on premises, and leave it at that. The box in this case would be a security appliance that sits in a company’s server room. But this definition would be limiting and not inclusive of the many shades of gray that exist in cloud security. As vendors jockey to separate themselves from competitors, the definition can become muddled beyond comprehension.
In the interest of brevity, security solutions can be separated into three categories: on-premises, hybrid cloud, and cloud. Most security professionals are familiar with on-premises solutions: there’s an appliance (again, an actual box) that sits on the network, protecting employees in a specific location. Updates, upgrades, and all other associated work are done in-house. In a hybrid cloud solution, part of that workload is given to the vendor—although there may be new hardware or software to install on-premises. Pure cloud solutions require no new hardware.
Cloud solutions also offer a host of advantages that extend, and work in tandem with, on-premise and hybrid solutions. The most important of which is transforming the traditional security model into something business applications have been for years: on demand.
The SaaS model has been wildly successful, as evidenced in companies such as Salesforce and Box. With Security as a Service, companies are able to take advantage of third-party infrastructure and intelligence to protect their networks without excessive administrative overhead. In a VentureBeat article, Meghan Kelly writes, “Unlike older security tools, like anti-virus software that needs to be installed on every single computer on your network, it’s almost plug and play—you click a button (and likely put in some credit card information) and suddenly you’ve got major security resources at your fingertips.”
For SMB administrators and busy enterprise SOCs alike, having an easily managed and consistent security service is essential. With a third-party vendor handling updates and constantly protecting against new threats globally, in real-time, security and IT professionals can spend less time patching and inevitably cleaning endpoint infections.
Another pressing issue for administrators is scaling security. With a cloud service, this issue disappears. The vendor shoulders the responsibility of building and maintaining the infrastructure. Even the fastest-growing startup or Fortune 500 company can deploy a solution within hours, compared to days. Demonstrating the ease of scale, Google–the quintessential tech industry mammoth–is putting cloud security into place. Google, it seems, understands the importance of not scaling past an appliance’s capacity.
Finally, cloud-delivered security solutions offer the ability to protect endpoints anywhere in the world—an especially useful feature now that more people than ever are working remotely. According to Global Workplace Analytics in 2012, “2.6% of the U.S. employee workforce (3.3 million people, not including the self-employed or unpaid volunteers) considered home their primary place of work.” That number increases each year, and doesn’t factor in employees who travel for work, or mobile devices that access the network and company data. The ability to extend enterprise-grade protection to those workers while maintaining performance standards can only be done through cloud-delivered security, which makes it a valuable part of any security posture.
As the technology behind cloud-delivered security advances, these benefits may be the first of many more to come. If the explosive growth of security as a service companies are any indication of trust, companies are more than willing to place their bets on cloud services–augmenting or even abandoning their hybrid and on-premises solutions.
Discussing Google’s adoption of cloud security, Jon Oltsik, senior principal analyst at IT research firm Enterprise Strategy Group, said, “A lot of companies can learn from Google’s aggressiveness…There’s not a company anywhere that won’t have to develop something like this.”