As companies replace premise-based data centers with virtual cloud data centers, the expectations of these customers will change as well, they look for elastic ways to purchase security services, as well as, methods that allow for the active defense of both cloud, and premise based workloads. Consider the following:
- We have heard that the perimeter is dead, and many ways it is. We name the normal assassins and they include outsourcing, mobile solutions, and the cloud.
- Another truism is that companies never wanted to be in the information technology business in the first place. Information technology has brought real productivity improvements but it has also brought significant costs.
- Moving information technology to the cloud provides companies the opportunity to reallocate costs from capital expenditures to operational expenditures and reassign operations staff to other roles.
- All of these changes are the harbingers of what I term Cybersecurity Utilities and the birth and fast growth of cybersecurity utility companies. Imagine a world where your employees and customers just by connecting to the internet or corporate network protected themselves against some of the most common types of cyberattacks.
Why Do We Want or Need Cybersecurity Utilities?
Let me first define utility cybersecurity by using a common example most of us can identify with. Picture the following two scenarios.
Scenario Number 1
It’s in the evening, and dark when you arrive home. You exit your car, take a flashlight from your backpack, turn the light on, the light is a little dim, so you make a mental note to replace the batteries at the next chance you have. You walk around to the back of the house, uncover your generator, and prepare to start it.
You realize the generator's fuel tank is empty so you have to fumble with your keys, walk to the storage room, and unlock the storage room door. Looking around you find the fuel can on the floor, carry it out to the generator. It's still dark so you fumble with your flashlight and the cap on the fuel can. Removing the cap, you fill the generator's tank from the can, replace the cap, and get ready to start the generator. You remember to check the oil level on the generator by pulling the dipstick to make sure the generator has the correct amount of oil, and thankfully, it does.
You replace the dipstick, set the engine's choke correctly, pull the starter rope several times to cycle fuel into the generator's engine, and on the third pull, the generator roars to life. As the generator cycles up to full speed, your walk back to the storage room to return the can. The can is almost empty so you make a mental note to drive to the gas station tomorrow to refill the can and buy batteries. You close and lock the storage room door, walk around to the front of the house, take your keys, unlock the front door, enter the house, turn on a few lights, go to the bar and poor yourself a drink. Oh, its good to be home.
Scenario Number 2
It’s in the evening, and dark when you arrive home. You walk to the front of the house, take your keys, unlock the front door, enter the house, turn on a few lights, go to the bar and poor yourself a drink. Oh, it's good to be home.
Which scenario sounds better to you?
Most of us identify with these two scenarios and it is why we appreciate public utilities. Public utilities provide a vast improvement in customer experience, safety, and ease of use. And few would trade the convenience and economies of scale a utility provides Cybersecurity, unfortunately, today, is more like scenario one. The number of processes and technologies security and risk pros employ to keep the enterprise safe is, by most standards. much more complex than the generator, fuel can, and flashlight used in Scenario 1. Yet this is exactly what security teams do every day to prevent cyberbreach. Is there an alternative? The answer is clearly yes. On the near horizon are what can only be termed as security utilities.
Who Is Leading These Changes?
Cloud based security companies such as OpenDNS, Z-Scaler and Cloudflare cloud based models are leading these changes. These companies offer simplicity of sign-up, good security characteristics and affordability. All of these solutions use a clean pipe philosophy – although only one vendor uses that term, where the service cleans customer’s information. This approach is much simpler from the customer's perspective and provides a very flexible deployment model.
- OpenDNS for example provides protection against rogue sites and the malware they distribute by steering you away from these sites. The company offers a free personal account that requires a simple change in your computer's or internet facing router's DNS tables. Enterprise and business customers need to pay for a subscription for the company's advanced services. With the Enterprise Service the company also allows customers to deploy their favorite sandbox malware defense tool such as FireEye, using APIs.
- Z-Scaler, another cloud based solution, takes the OpenDNS model a step further by integrating additional security features into its offering such as malware sandboxing. Z-Scaler's approach is to address complex security issues by engineering the capability into their solution.
- CloudFlare, a content delivery network also provides a limited set of security services such as distributed denial of service (DDoS) with the company's content delivery offering. These companies demonstrate that it is possible to avoid much of the complexity of operating a security infrastructure.
None of these companies offers a "complete security solution" today but their service offerings are directionally correct. Customers will demand easy self-deployment models that appear seamless to the customer. Pricing will be simple and security will move towards a "feature of" model where business technology includes security as part of the solution. Cloud computing is ushering in the world of utility computing and utility security will ride the cloud wave.
Posted by Edward Ferrara