The future of IT security may be in the cloud

“If done right, cloud-based security is safer than appliance-based security”, said Zscaler CEO Jay Chaudhry at last week's CSA Congress
“If done right, cloud-based security is safer than appliance-based security”, said Zscaler CEO Jay Chaudhry at last week's CSA Congress

Speaking during a keynote address during last week’s Cloud Security Alliance (CSA) Congress in Orlando, Florida, the chief executive of the cloud-based security firm said that paying for security-as-a-service from a security company just makes sense, as these providers can offer economies of scale that parallel paying utility companies for their services. The goal of cloud-based security, he added, is to avoid deploying so many of the boxes that enterprise IT currently needs to manage.

The analogy he employed was that of energy supplies from generators versus that from utility companies. “Who would argue that power generators are a better way [to supply energy] than utility services managed and delivered by utility companies?”, he asked the audience. “Cloud computing – and cloud security – is no different.”

Chaudhry first set out to make a distinction between securing clouds themselves and the process of using the cloud to deliver security services. He opined that because placing security within appliances or on devices themselves has proven an ineffective strategy, moving security to the cloud is a logical next step in security innovation, and the process lends itself nicely to mobile device use.

When it comes to securing the cloud – for example, Google or Amazon cloud services – Chaudhry said he believes “it is the responsibility of the cloud service provider to make sure the cloud is secure”. He said this is one of the major objectives of the CSA – to make sure that a good idea does not acquire a bad reputation through insecurity.

And then there is the example of using the cloud to deliver security services, of which email security (for example, Google’s Postini) has experienced a rapid uptake over the last two years. According to the data Chaudhry cited, more than 50% of enterprises now employ cloud-based services for email security.

“Why buy all these boxes?” he asked, when you can re-route through a professional provider to clean up email traffic. It’s just one of many boxes IT departments typically have to manage, which increases the complexity of your defenses – and not in a good way, Chaudhry noted. Security delivered from the cloud, he continued, means consolidation of your current appliances and, therefore, saves enterprises money.

“Cloud security reduces your bandwidth costs amazingly well”, he added. In addition, the Zscaler CEO said that cloud-based security helps alleviate the latency issue because mobile devices no longer need to double back to a centralized security appliance housed at an enterprise’s headquarters or regional operating facility.

The fundamental proposition for the use of cloud-based security is that these new technologies are solving problems like bandwidth, latency, and costly appliances. Chaudhry listed a handful of drivers behind the increased adoption of security-as-a-service, which now appears to be moving rapidly into internet security as well:

  • Cost savings – doing more with less
  • Faster response to newer threats
  • Ease of deployment
  • Shortages in IT staff

Chaudhry championed the successes seen in the migration of e-mail security to the cloud, with nearly 50% of enterprises making the switch over the last five years. Web security, he noted, is following the same trend. Analysts like Gartner and IDC, he observed, have predicted that cloud-based web security will grow from 11–13% uptake at present to upwards of 35% of enterprises within the next two to three years.

“If done right, cloud-based security is safer than appliance-based security”, Chaudhry concluded. Furthermore, cloud-based security has a 60% lower total cost of ownership over appliances, with most costs centering on subscriptions and maintenance.

Of course, these statements – coming from the CEO of a cloud-based security provider – should come as no surprise, Infosecurity notes. Only time will tell whether these claims prove true.

What’s Hot on Infosecurity Magazine?