• 08/19/2015
    7:00 AM
  • Rating: 
    0 votes
    Vote up!
    Vote down!

The Shift To Cloud Security Services

Enterprises are increasingly looking to boost their security posture by tapping cloud-based security services.

A number of high-profile security breaches over the last two years is driving IT pros to rethink their approach to security. More than 300 million private accounts have been breached in attacks at some of the largest U.S.-based companies as well as the federal government. A common theme among the breaches at Target, JP Morgan, and Home Depot is that the companies lacked a comprehensive security strategy that tied together multiple layers of security, according to research by my firm, the Rayno Report.

This era of heightened security risks combined with growing use of the cloud is leading to a broad shift in security architecture to cloud-based and Software-as-a-Service (SaaS) security models, according to Rayno's "Next-Generation Cloud Security" report. Enterprises are finding they need a wider range of tools geared toward the cloud. They also need a coordinated strategy for monitoring and responding to threats at the highest level of the company. 

“If we rewind the tape, our security systems could have been better,” Frank Blake, the former Home Depot CEO, told The Wall Street Journal after retiring. He said his company needed to place a greater emphasis on data security: “Data security just wasn’t high enough in our mission statement.”

The types of security software and tools that can be included to monitor data and networks is vast, including: endpoint monitoring, encryption, email security, web security, identity and access management, intrusion-detection systems, network firewalls, virtualization security, database security, data loss prevention, and distributed denial-of-service (DDoS) protection.

With an expanded number of security tools,  corporations need to implement systems that work together and are increasingly automated. One model is to tap into systems that can monitor threats in the cloud and generate an automated response, such as shutting down access to a system when suspicious activity is discovered. This model, usually with a subscription element, promises more proactive security.

Almost $600 million in venture capital has been pumped into cloud-security startups in just the last few years, according to the Rayno's cloud-security research report, which looks at 23 private and public security companies.

Zscaler is the latest "unicorn" to be created out of the cloud-security surge. Unicorns are private, venture-backed companies that reach $1 billion in valuation. Zscaler recently announced it had received $100 million in Series B funding The company has raised a total of $138 million.

The security drive has led to a boom in the revenues and share prices of security leaders in the public markets. The Rayno Report's analysis of the public pure-play vendors in cloud security shows they have grown from $2 billion to $4 billion in revenue in just three years, with a compound annual growth rate (CAGR) of 24%. Market leaders FireEye, CyberArk, Palo Alto Networks, Proofpoint, and Qualys are showing huge gains in the past year.

The fear and need driving the investment in security is not likely to slow down any time soon. This indicates that the Fortune 500 companies are now playing “catch-up” with regard to security technology.

It's clear that enterprise IT managers are beefing up their security technology and developing new strategies for defending against the bad guys, especially in the cloud.


Cloud security

Scott, thank for the update. I'm glad to see that enterprises are getting on board with cloud security. But, as you said, the sheer number of security tools and products is mond-boggling. How would you recommend a company define what security services could potentially live in the cloud, and then make a short list of possible vendors? 

Re: Cloud security



Each company probably has to identify what they have so far, what their needs will be in the future (IDS, anti-spam, email, analytics), and then plot a strategy. What I imagine will happen is that a lot of network-specific security services such as firewalls will be migrated to the cloud over time. The best analogy I can come up with is when CRM moved from enteprise to the cloud. A certain amount of planning and analysis went into deciding whether that was cheaper or more effective. 



Zscaler was one of the first to offer cloud-based security services, but the market has become pretty crowded with more startups and heavyweights like Cisco moving in.

Security as a Service

Scott, here the quote is "Security as a Service" or Securing the cloud service. I think before opting for a security as a service model, IT peoples has to think about how to safe guard their service from all sorts of hacking and other security issues.

Prioritizing data security

Of course, saying (especially in hindsight) that data security needs to be a high priority is very different from actually prioritizing data security.  Too often, budgetary and political concerns become paramount.  TJX's PCI-DSS disaster a few years ago immediately comes to mind.  (In that scenario, some may recall, the CIO sent out a memo saying that it wasn't cost-effective to be PCI-DSS compliant and essentially dared the lower-level employees to disagree with him.)