In the past, we measured the speed at which security could process a packet and push it on to the next hop. Security solutions and services that added too much latency to the response to the user were considered less than optimal.
Why? Since the broad adoption of the Internet as a platform for commerce and communication, we have continually measured the performance of multiple domains – notably app delivery and security – based on the speed of response to the user.
As such, security solutions with high latency were rarely used for more than monitoring, which made their efficacy nearly zero. After all, if the lock is merely installed and never used, it doesn’t do much to stop intruders, does it?
This measure continues to dominate security decisions. We are still impatient, and security remains negotiable when weighed against response time.
That’s not conjecture. If you recall, we specifically asked about the balance between security and speed last year in our annual research and found that 76% of organizations would abandon security controls for as little as a 1% increase in performance.
We didn’t ask again. Because honestly, it’s kind of depressing.
But we did ask about a different kind of speed of response. The speed of response to incidents. And we asked in the context of the rather accelerated adoption rate of security-as-a-service offerings.
Reduced latency needed to neutralize threats
There’s no mistaking these results. Organizations are flocking to security-as-a-service because they crave the speed to address emerging threats. They are looking for ways to reduce the latency introduced by the processes needed to detect and neutralize a threat. It’s still about speed, but now it’s about the speed of a process rather than the speed of a packet.
The tendency to gravitate toward security-as-a-service for its ability to rapidly address an emerging threat is based on several capabilities exhibited by a service-based model that are not present in traditional enterprise models for similar services:
- The provider sees a great deal more traffic and, therefore, a greater percentage of ‘bad’ traffic. It can identify emerging threats – attacks, attempts to exploit new vulnerabilities, etc. – much faster. Because the provider controls the entire infrastructure, it can rapidly deploy responses to those threats – even to customers that have not yet been targeted.
- A provider can test, certify, and roll out upgrades, patches, and hot-fixes much faster because it has only a few key services to worry about. The typical enterprise has, if we believe the common consensus, more than 500 different applications in operation. Many of them share the same infrastructure services, particularly when it comes to security. That means the "patch-gap," as it were, is likely to be much longer because there are potentially hundreds of applications that can be impacted.
Rapid response to threats essential
In today’s world, speed of response to threats is as important a measure as speed of response to users. It’s no surprise that Splunk’s State of Security 2023 found that the top metrics used by business leaders were security efficiency metrics such as MTTD (mean time to detect) and MTTR (mean time to respond), nor that the threat of greatest concern was zero-day vulnerabilities.
That doesn’t mean the speed of response to users is irrelevant. In fact, the balance between speed of response to threats and users is often best served by security-as-a-service offerings because the services typically operate closer to the edge, to the origin of attacks. The sooner an attack is identified and neutralized, the less load on the applications and services legitimate customers and employees rely on. And I know you’re familiar with operational axiom #2 – as load increases, performance decreases.
While there are still many types of applications and services that can't effectively leverage security-as-a-service, most of the very public-facing ones can. The key to greater security efficacy is a strategic approach that uses both security-as-a-service and traditional on-premises solutions where they make the most sense. That is, where they can provide the right balance of speed of response to users and threats.
Security is a strategic discipline today that demands the same attention to the speed of processes as that of passing packets.