This page contains a Flash digital edition of a book.
N


etwork security and asset management have been


fundamental concerns for businesses of all types and sizes, and though keeping those in-house might seem like the best recourse, current trends seem to indicate that security-as-a-service (SaaS) is the way to go in the future.


Companies of all stripes have been caught in an inadvertent pincer’s movement that refl ects the rapid evolution of corporate network security. On the one side, daring and sophisticated hackers look for vulnerabilities at every turn, while on the other, tough regulatory compliance is designed to ensure that data isn’t compromised to those very same hackers. But compliance also demands a certain level of transparency, and managing that sometimes requires a fi nger on the pulse at all times – something that seems a little more diffi cult for in-house IT staff to do these days.


In real terms, outsourcing security – or certain IT fi xtures – isn’t altogether uncommon today, nor has it been in the past, in some respects. Email has long been managed through servers that aren’t necessarily based on company premises, while malware protection has also typically been popular as a contracted need. The list is growing, even though relinquishing control of such a sensitive part of a business might seem anathema to its operations.


“Outsourcing business IT security is no more or less of a risk than doing security internally”, says Etienne Greeff, professional services director at SecureData in Europe. “The risk is defi ned by the risk management framework employed by a company. Outsourcing simply uses another party to implement and run the security controls required by an organization’s risk function.” Greeff points out that the biggest misconception about managed security is that it creates more vulnerabilities, when in fact it doesn’t. “The level of security is increased due to the fact that there are service level agreements (SLAs) in place,


and a SaaS fi rm will often use a scalable and secure platform to deliver the service”, he adds.


Reliance on in-house IT teams to carry out all the admin functions…also increases the risk of human error leading to damaging data loss or potential breaches


Phil Evans Datacastle


Money Matters If not for the recession, it’s possible that the trend toward outsourced security may never have accelerated as it has. A sluggish economy tends to see businesses reassess cost centers, of which IT is usually the most pronounced, so reducing operational costs without sacrifi cing security protocols and compliance has been an attractive option. The numbers seem to hammer the point home as well. A 2011 global report by Global Industry Analysts projected that managed security services would reach US$8.4 billion by 2015. In a separate report, Global Industry forecast cybersecurity as a whole reaching US$80 billion annually


by 2017, meaning more than 10% of this sector will be outsourced by that time. These are projections based on a variety of data, but the complexity and unpredictability of cyberattacks makes it possible that those could be conservative estimates. To avoid being part of the most glaring statistic – that being the $1 trillion both McAfee and the US Senate said the country has lost to cyberattackers worldwide – the migration toward managed security could move faster if the perceptions change says Phil Evans, VP EMEA at Datacastle in London. He suggests that companies may believe they can do it better in-house, but may not factor in the costs and productivity setbacks that might go with it. “When you try to manage endpoint security yourself – for remote desktops, laptops, smartphones and tablets, for example – you are often implementing policies that have signifi cant dependencies on employee behavior”, Evans says. “Reliance on in-house IT teams to carry out all the admin functions, including daily backups, data encryption and looking after data tapes, also increases the risk of human error leading to damaging data loss or potential breaches. With SaaS security providers, many of these admin functions are fully automated, eliminating the risks and cutting the costs.”


The Ponemon Institute has published multiple reports on the cost of data breaches from lost or stolen laptops, with the most recent study indicating the average data breach costs UK-based organizations almost $3 million. Of 160,000 laptops lost in Europe in 2010, 34% were encrypted, but only 26% were regularly backed up and many had no capacity for remote deletion. Just 3% of lost devices are ever traced, and many businesses no longer control which employees access sensitive data. “With cloud-based managed security, all this company data would have been automatically restored when the laptops went missing, and the lost data remotely deleted or automatically encrypted”, Greeff says.


www.infosecurity-magazine.com /// 43


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60