​Why cloud-delivered security provides the best protection for business

by Scott Robertson, Zscaler Vice President Asia Pacific and Japan

As the proportion of business transactions conducted electronically continues to rise, maintaining the trust of customers has never been more important.

E-commerce, cloud-based services and mobility have reshaped the business/customer relationship. However, while customers are keen to take advantage of the improved convenience and efficiencies on offer, they are also wary of the potential threats posed by cyber criminals.

For businesses, this means being ever vigilant. Falling victim to a security breach or cyber attack can result in heavy losses. Customers are likely to take their business elsewhere and bottom-line profits will dive.

Frustratingly for business, the increasing sophistication of attacks means traditional approaches to IT security are no longer providing sufficient levels of protection. Widely used appliance and software-based security architectures are unable to deal with the types of attacks now being experienced.

The situation is exacerbated by the sheer number of security point solutions many organisations have in place. These have often been deployed in response to specific requirements with little or no thought given to the adoption of an overall strategy. As a result, IT teams have to contend with hundreds (or even thousands) of alerts coming in and have little hope of efficiently analysing them to determine which require a response.

A recent survey conducted by Forrester Consulting, and commissioned by Zscaler, found data security is considered a critical component when it comes to an organisation's ability to compete in its chosen market. The results of the research, which involved in-depth surveys of 130 US-based IT security or strategy decision makers, clearly show that taking a steady-as-she goes approach to security is no longer good enough.

Taking an integrated approach

As part of the research, survey respondents were asked whether they felt integrated security platforms delivered more effective results than point products. Overwhelmingly, 98% indicated this was the case.

This result clearly shows security professionals recognise the era of point-security solutions is over. Instead, they are looking for integrated platforms that combine multiple functions into a single, robust framework. Such a platform should offer unified administration, policy management, reporting, analytics, and threat detection.

Interestingly, the attitudes identified by the research are at odds with the way most security vendors continue to deliver their technology with large numbers remaining focused on providing point solutions. Many have been slow to develop integrated, platform-based offerings that efficiently integrate endpoint and network security.

The research shows, however, that customers are no longer satisfied with this strategy. They understand that taking a fragmented approach can create a significant barrier when it comes to taking advantage of advanced security techniques.

The research found 63% of companies were keen to take advantage of advanced analytics as part of their security strategy. Of those surveyed, 52% identified machine learning and 64% pointed to encryption as higher-level technologies that could be used once an integrated security platform was in place.

The importance of the Cloud

As well as expressing a preference for an integrated platform approach to solving their security challenges, survey respondents also identified cloud-based resources as an integral part of their ideal mix.

The ability to use cloud-based security to secure crowd-sourced threat intelligence was identified by 59% of respondents. At the same time, having cloud-scale visibility was nominated by 73% while 55% specified a desire to be able to take advantage of advanced anomaly detection based on unsupervised machine learning.

The results clearly demonstrate most organisations believe cloud security-as-a-service offerings can deliver better security than on-premises hardware or software security offerings. The survey found 48% of IT decision makers have, as a top-three goal, the adoption of cloud security-as-as-service to secure areas that on-premise deployments cannot. These include areas such as remote locations, mobile devices, and rapidly evolving Internet-of-Things (IoT) infrastructures.

Clearly, IT professionals acknowledge that the value, flexibility and scalability of cloud solutions can deliver to them a more secure environment overall.

Strategy for a secure future

Based on the demand for an integrated platform and cloud-based approach identified by the survey, there are some key steps organisations should take when building their security strategy. They include:

  • Making integration a must-have feature for all security technologies within an infrastructure. As each component is added it should be able to hook into a central management platform.

  • Creating a comprehensive data security strategy designed to address all channels and devices used to access sensitive assets. This should cover everything from employee-owned devices to data stored on cloud platforms.

  • Ensuring end-point protection by adopting solutions that use dynamic analysis, such as application or process sandbox analysis and user or kernel activity behaviour monitoring.
  • Taking advantage of cloud-sourced threat intelligence to learn from attacks experienced by other organisations.

By following this strategy, organisations can be sure they have an effective security infrastructure in place that will significantly reduce the likelihood of successful attacks. Customer service and satisfaction can then be confidently maintained.

Join the CSO newsletter!

Error: Please check your email address.

Tags public cloudcloud-based servicesasia pacifice-commercePlatform Computingsecurity breach

More about Customers

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Scott Robertson

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place