Cybersecurity is a frequent theme in today’s news with a steady stream of stories around data breach or the latest ransomware attack. A growing array of sophisticated, highly-motivated cyber criminals and less-skilled bad actors with access to inexpensive, easy-to-use tools, are outpacing the ability of IT and security professionals to address the constant evolution of new threats.
This change in the business landscape is pushing IT’s role in securing web and corporate assets toward a multi-pronged, defense-in-depth approach. The IT department must move beyond old-school methods of securing the network perimeter with a stateful firewall. Their focus needs to include protecting mobile and IoT-connected devices as well as securing cloud-based files and apps—all while developing rock-solid threat intelligence plans to smoke out any new cybersecurity risks around the corner. This is a significant additional workload for IT resources that are already stretched too thin.
Another challenge is that skilled cybersecurity professionals are getting harder to hire and retain. In a recent study conducted by Cisco, they estimated about one million unfilled cybersecurity jobs worldwide. No wonder that the word “crisis” appears so often in articles on cybersecurity hiring, or that professionals in the field can command extremely high salaries.
To help deal with the increased risk and resource/staffing challenges, many companies are starting to outsource security to Managed Security Service Providers (MSSPs). According to a recent 451 Research white paper, this evolving security technology solution set and traditional network protection at the perimeter, appear to be on pace for being reinvented as a managed, as-a Service offering.
The main findings from the 451 Research white paper:
- Key reasons to consider a Security-as-a-Service (SECaaS) offering are control, visibility and cost savings.
Fundamental security considerations should drive strategy and choices regarding network security. Nevertheless, high upfront costs, as well as complexity and questionable effectiveness, have become significant issues with respect to on-premises security deployments. Cloud-based services offer potentially significant advantages, in terms of simplicity and access to better methods to secure distributed businesses, and may prove to be less expensive, by several definitions, than traditional on-premises network security.
- Most respondents are spending 35-40% of their IT security budget on network security. However, visibility and control is rated less than ‘high or complete’ for substantial amounts of the IT environment.
On-premises threat management suite deployment has become a relatively expensive and complex project involving architectural choices that can impact operations – for example, by imposing latency effects on application data traffic. While respondents indicate significant interest in a range of new network-based and other security capabilities, we believe that project returns and success rates are likely to be low with predominantly on-premises security deployments going forward.
- Security execution is substantially dependent on non-full-time professionals.
Respondents augment fulltime professional work with part-time in-house assignments, contractors and MSSPs. Less-than-optimal coordination is a likely result. There are also real pressures related to skills shortages and retaining talent. New network SECaaS options should help alleviate these significant operating pressures related to staffing.
- Cloud-based access and protections can be optimized for centralized visibility and unified policy provisioning and enforcement over a wide area.
As an attack surface, the cloud represents the opposite of what attackers hope to encounter. At scale, cloud-based IT is more easily configured correctly, monitored and updated than on-premises IT infrastructure, including security. Cloud-based services enable aggressive deployment of advanced security technologies, such as software-defined perimeters, dynamic isolation techniques and behavior-based analytics that directly address the requirements and challenges of distributed enterprises.
- The cloud is the network – at least that’s the way the business now views it.
As simplification becomes a top security operations priority in 2017, IT organizations of all sizes should drive toward attainable, singular abstractions that can improve flexibility and business results over the long term. Network SECaaS offerings are on a path toward providing single network abstractions – similar to how business process owners perceive the situation – and the means to implement unified security policy across diverse enforcement infrastructure and endpoints.
Bottom line, many companies are gravitating towards an outsourced cloud-based model for security and day-to-day operations, given the current landscape.
How can StrataCore help? We know the marketplace, and the best-in-class MSSPs out there. We vet the market for you to present SECaaS options that fit your particular business needs.
For more SECaaS information, here’s an easy-to-read infographic we put together.
Source: 451 Research – “Ready Now: Middle Market Shift to Network Security-as-a-Service”. The survey conducted included over 300 executives, IT Managers, and tech practitioners to discover how current infrastructure challenges, near-term spending plans, and the availability of new network Security-as-a-Service offerings could help steer organizations closer to their goals.