Trust in the Cloud: Security-as-a-Service
You can hardly read the news today without seeing the term “the cloud”. Although the phrase is used frequently in the context of thousands of products and services, it is a somewhat imperfect concept that confuses many. Technology security experts often get asked, “What is ‘the cloud’?” “Is it safe?” and “How does security-as-a-service work within it?”
What is the “Cloud”?
In truth, cloud computing is really nothing more than a marketing term created by computer technology companies in the 1990s to describe accessing services, programs, and data via the Internet. So, when you login to your Web-mail account (such as Gmail, Yahoo, and AOL), you are getting your email via “the cloud”. When you use a customer relationship management (CRM) tool (such as Salesforce.com), you are accessing the cloud. Services such as Dropbox and Google Docs are other examples of cloud services. The cloud is not about your computer’s hard drive; it is only about what is available on the Internet.
The bigger question, though, is whether the cloud can be trusted. Today many take it for granted that the safest place to store their money is in a bank, savings & loan, or credit union. But even as recently as the first half of the 20th century, many people still kept their money at home, unwilling to trust the financial industry. Fundamentally, giving up control of something that is important to you, such as your money—or your data—requires trust. Yet, we do it every day. We trust Google to protect our email; we trust stock brokerage firms to invest and manage our hard-earned money; and we trust that the personally identifiable information (PII) sent over the Internet is protected.
What Do All the Cloud Terms Mean?
You may see terms like “SaaS”, “SecaaS”, and “PaaS” regularly in news articles and corporate brochures. These refer to software, security, platforms, and infrastructure offered “as-a-service” via the Internet. So, “SecaaS” means security-as-a-service or security services delivered directly to your customers’ computers via the Internet.
What About Security-as-a-Service?
When applying the concept of trust to the security-as-a-service (SecaaS) delivery model, it is useful to think in terms of the historical forms of technology security. With the Internet and email came viruses, spam drive-by downloads and phishing, and the corresponding perimeter security software and hardware to protect corporate systems. But, out-of-a-box security always needs upgrading, security experts constantly need to stay abreast of the latest threats, and it seems as if cyber criminals are always one-step ahead of everyone. Consider the following recent studies:
- Corporations experience a cyber attack approximately 17,000 times per year; many of those attacks result in significant data breaches.
- 60% of all corporate data ‘lives’ in unprotected desktops and laptops. Anyone who finds a lost, thrown-away, or stolen computer has access to this information.
- More than 40% of all online data breaches are targeted at small- to medium-sized businesses of less than 1,000 employees.
Security in the “Cloud”
Is data better protected when it is secured through the cloud? In short, the answer is yes. When your company’s data is secured via Security-as-a-Service, end user traffic is routed through a robust and scalable cloud (Internet) security system, where it is screened and analyzed for viruses, malware, and other threats. Even data moving through mobile devices, such as tablets and smart phones running Android and iOS operating systems, are protected.
“Out-of-the-box and perimeter security is like storing money in a mattress. You might feel like you have more control, but it is really easy for cyber criminals to access your data.” — Sigurður Stefnisson, Director of AV Lab at CYREN
SecaaS companies, like CYREN, analyze billions of transactions on a daily basis, providing a near real-time, wide-ranging picture of the Internet. Because of this, companies do not need to worry about keeping their security definitions up-to-date; SecaaS does it for them. Companies can easily create browsing policies specific to their needs and corporate structure and quickly deploy them to all employees, no matter where they are or what device they are using. In addition, SecaaS enables SMBs to integrate Web security on a pay-as-you-go basis with no equipment to buy, install, or maintain resulting in a business model that is much more efficient and cost effective.
Simply put, security-as-a-service offers small-, medium-, and large-sized business unprecedented protection at significantly reduced costs.
To learn more about the various SecaaS options offered by CYREN, visit our website.