{"id":35946,"date":"2020-06-17T07:07:32","date_gmt":"2020-06-17T11:07:32","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?post_type=emagazine&p=35946"},"modified":"2022-10-10T09:29:59","modified_gmt":"2022-10-10T13:29:59","slug":"security-as-a-service-cloud-migration","status":"publish","type":"emagazine","link":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/security-as-a-service-cloud-migration\/35946\/","title":{"rendered":"Why you need Security as a Service for cloud migration"},"content":{"rendered":"

From small-to-medium-sized businesses (SMBs) to the biggest multinationals, use of cloud computing infrastructure and services is growing exponentially. S<\/a>pending on<\/a> end-user<\/a> information security and risk management will <\/a>reach<\/a> 188 billion US dollars <\/a>by 2023<\/a>, according to leading technology researchers Gartner.<\/p>\n

This vote of confidence in the cloud could partly come from greater confidence in Security as a Service (SECaaS.) In our interview, Curtis Franklin, Senior Editor at widely read<\/a> cybersecurity news site Dark Reading<\/a>, says SECaaS is a consideration in many cloud migrations, but not the primary factor.<\/p>\n

Not all businesses are ready to migrate everything to a cloud environment \u2013 or in other words, to migrate to Enterprise as a Service (EaaS) \u2013 but their cloud assets still need enterprise-grade, cloud-based security.<\/p>\n

Firewall plus access less identity<\/h2>\n

IT departments have widely accepted security solutions like web application firewalls (WAF,) security information and event management (SIEM) and encryption. Franklin says user identity is there: \u201cCloud access security brokers (CASB) are an option: On-premises or cloud-based software that sits between cloud service users and cloud applications. It monitors all activity and enforces security policies. Some would have called it the next-generation firewall. It\u2019s a firewall and access management in one application, but not so much identity.\u201d<\/p>\n

In the cloud, there\u2019s a lot of analytics data, or Security Operations Center as a Service (SOCaaS,) that can be added to user credential management, managing encryption keys and identities.<\/p>\n

What companies should look for<\/h2>\n

Look at the expertise your cloud service brings to the table. Is it just a service, or a service with people? The security of application program interfaces (APIs) that connect data and applications in the cloud is also critical.<\/p>\n

Franklin warns against introducing vulnerabilities to take advantage of a new cloud-based experience. \u201cEvery time you have one application connecting to another, you have a place where a vulnerability can exist. In the cloud, there are many of those.\u201d<\/p>\n

A lower Total Cost of Ownership (or TCO \u2013 direct and indirect costs of an application or system) isn\u2019t a given unless the enterprise manager has carefully crunched the numbers.<\/p>\n

Franklin cites cases where companies on volume-based cloud service pricing schedules didn\u2019t know their actual volume, or the cloud got unexpectedly popular with staff, so they ended up with high costs.<\/p><\/blockquote>\n

\u201cMany now understand you\u2019re not always reducing your costs, but shifting it. You\u2019re exchanging Capital Expense for Operational Expense. For a lot of customers, that\u2019s fine or better, because it\u2019s taxed differently and hits a different part of the annual report. You\u2019re taking the money you\u2019d spend anyway and getting more value for it.\u201d<\/p>\n

Sometimes when you\u2019re buying SOCaaS, you\u2019re buying expertise in the form of people you can\u2019t otherwise find. You\u2019re trusting the cloud provider to find and rent those minds to you, rather than trying to find them yourself.<\/p>\n

Built-in reporting and customer support are critical. If an attacker knows more about your infrastructure and environment than you do, it\u2019s an opportunity for an exploit.<\/p><\/blockquote>\n

Franklin suggests using these services to stay on top of what\u2019s really happening in your environment, as opposed to what you think is happening.<\/p>\n

What about cloud service agreements?<\/h2>\n

Review cloud service agreements (CSAs) to ensure you\u2019ll get the value you need from the service. There must be enough flexibility to set things up so you can realize that value. Know what you want out of the relationship: Harmonious functionality between the cloud service provider and your existing applications. Everything flows from that.
\n\"security
\nReporting can help you understand what you\u2019re getting from the service. Franklin says, \u201cAre you paying for notification? Are you paying for integration with other systems that will automatically act on signals received? Will it play a role in procedural controls or is it going to be active in process control? You need to know, because if it\u2019s process control, there\u2019s automation. If it\u2019s procedure control, you\u2019re getting notifications people will have to review. It\u2019s critical to know upfront, as part of your CSA, which it is and where those notifications are going.\u201d<\/p>\n

How will SECaaS solutions evolve?<\/h2>\n

Franklin believes SECaaS solutions will evolve in two ways. On the one hand, there will be SECaaS solutions that augment the intelligence of IT staff, letting analysts and engineers be more productive. On the other hand, some will replace human analysts and engineers. The human replacement may be of more interest to small-to-medium sized business, and automation of more interest to larger enterprises. He says businesses should know which path they\u2019re taking when they talk to a service provider. \u201cAre they going to make your current staff more effective, letting you avoid hiring or taking over staff roles?\u201d<\/p>\n

There\u2019ll be much more solution development in authentication and access management because it\u2019s a complex piece of the security puzzle. Franklin sees much of that going to the cloud service provider that\u2019s handling multi-factor authentication. Whether it\u2019s a secondary factor that comes through an app, an SMS or something else, the cloud will handle it. He says more companies want the cloud provider to handle all access management, because it\u2019s complicated. They want to be able to do it for their employees on both corporate and personal devices. SECaaS bundled into the cloud service provider services, or bought by the business from a vendor, is an excellent way to do it.<\/p>\n","protected":false},"excerpt":{"rendered":"

Businesses need enterprise-grade, cloud-based security for their public, private and hybrid cloud migrations and assets. Security as a Service is the solution.<\/p>\n","protected":false},"author":2567,"featured_media":35947,"template":"","coauthors":[3729],"class_list":{"0":"post-35946","1":"emagazine","2":"type-emagazine","3":"status-publish","4":"has-post-thumbnail","6":"emagazine-category-cloud","7":"emagazine-category-enterprise-cybersecurity","8":"emagazine-tag-cloud-security","9":"emagazine-tag-secaas"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/security-as-a-service-cloud-migration\/35946\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/secure-futures-magazine\/security-as-a-service-cloud-migration\/22635\/"}],"acf":[],"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine\/35946","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/emagazine"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2567"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/35947"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=35946"}],"wp:term":[{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/coauthors?post=35946"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}