Capturing the benefits of speed, scalability, and agility from your cloud applications is a precursor for business success. And that is why you are deploying more applications and workloads with critical business data in the cloud. You might be developing new workloads and Security as a Service (SaaS) applications to take advantage of the public cloud, or migrating existing applications. You might be a 100-yearold enterprise, or a born-in-the-cloud shop. No matter your situation, it is highly likely that you are using the cloud as your preferred infrastructure of choice for rolling out new business applications. Meanwhile, the frequency, sophistication, and diversity of global threats continue to increase. So to take full advantage of everything the cloud gives you, you must enable relevant controls across a more complicated infrastructure.
But the flexibility of the cloud and use of integrated services make it different than securing on-premises applications, workloads, and data. You have to invest in different tools, implement different processes, and find and retain staff with cloud expertise. And let's be honest: even though you may be doing it today, you shouldn't deploy a new cloud-based workload without a thoughtful security strategy in place.
Part of getting cloud innovation right is enabling security up front. And if it's done properly, you can use the benefits of security solutions built for cloud to your advantage—as opposed to using legacy on-premises security solutions that will slow down your cloud deployments, and may leave your data and applications exposed. The speed of cloud innovation requires a security solution designed to work in the cloud to lower costs, speed up deployment, and reduce risks. That's the new economics.
Until now, organizations that have addressed security have taken the conventional approach: buy and deploy third-party security software and find and retain the security staff to make sure that it is working around the clock. And this is for the few companies that can afford it—since the cost to build out a minimally viable, fully functioning 24/7 security operations center can run millions of dollars per year.
To effectively protect cloud-based workloads with the legacy approach, you would have to do the following:
Not a pretty picture. And even if you do all of the above, you'll still very likely fall short of your goal. Here's why.
It's inevitable. In-house security teams end up struggling with a wall of noise: a glut of logs overflowing with discrete security "events" that reveal attackers attempting to penetrate systems, leaving precious little time left to deal with actual security incidents.
A typical customer is inundated with thousands of these alerts on a daily basis. Many of them are false positives: they look like threats, but they're really not. Meanwhile, other events that are legitimate get lost in the noise. And sophisticated attacks are leveraging methods that appear to be legitimate transactions but are in fact malicious in nature—using methods including SQL injection and cross-site scripting. These attack methods can require petabytes of security data to be analyzed, since no signature or rule-based detection method alone can identify these customized attack patterns.
Why go down this path just to build another problem for yourself? And moreover, why stick yourself with a security infrastructure that undermines all the great reasons why you went to the cloud in the first place?
It's a quandary. You need to be able to launch new security controls as quickly as you launch new cloud services, or you lose the very advantages that prompted you to undertake your cloud investments in the first place.
You need to:
So…welcome to the new economics of cloud security. While the old way was a balancing act between controlling risk and cost, in the new economics, you also have to factor in the speed of the cloud. And not surprisingly, the solution is cloud based, too: a fully managed Security-as-a-Service solution built to protect cloud applications and workloads. Out with the old economics. In with the new.
Security the old way is a huge capital and operational expense, treated as an unavoidable cost of doing business. With a fully managed Security-as-a-Service solution, you slash the overhead and can spend your IT budget on innovation and growing the business.
Security the old way involves spending bucketloads of time up front before you can thwart a single attack. A fully managed Security-as-a-Service solution helps you realize faster value from your security initiatives and your cloud initiatives overall.
It only makes sense that if you're going to secure cloud applications, your security approach should also take advantage of everything the cloud gives you. Including speed and instant scalability, which are some of the biggest reasons you went to the cloud in the first place.
Security the old way says to reduce your risk, you pour resources into security controls and expertise. A fully managed Security-as-a-Service solution lowers your overall risk in a way that just makes sense: offloading the task to someone who already has the infrastructure, data, analytics platforms, continuously evolving detection capabilities, and security experts in place.
The new economics of cloud security is about striking the optimum balance between risk, cost and speed. You can't let security get in the way of the speed the cloud gives you.
Alert Logic® puts the new economics of cloud security to work for you, with fully managed security delivered as a service and built for cloud and hybrid environments. This makes it easy to purchase, launch, and achieve your security goals, all without investing in in-house cloud-security expertise.
Bentley Systems provides software tools that support some of the world's largest construction projects, including roadways, bridges, airports, skyscrapers, and industrial plants. The high-profile nature of the projects dictates that security and data integrity are always major considerations.
By turning to Alert Logic for security, Bentley: