The Best Way to Protect Your Cloud May Be Another Cloud

One challenge that comes with being a midsize enterprise today is that you're large enough to exist a target just not large enough to beget the kind of security that large enterprises employ. This is one of the reasons why one of the fastest-growing segments for data breaches is the small to midsize business organization (SMB). In fact, according to the 2022 Verizon Data Breach Investigation Written report, smaller enterprises received over half of all information breach attacks concluding twelvemonth.

IT Watch bug art The reasons aren't surprising, and boil down to the fact that smaller enterprises still have something worth stealing even though they aren't ever well-protected entities. While they commonly do well when information technology comes to endpoint protection, SMB information centers and traffic hubs are often another matter. Fortunately, that could exist changing. Just equally the cloud gave these enterprises new capabilities to manage and analyze data that were previously but available to large enterprises, the deject is besides able to evangelize big enterprise security to smaller organizations. And yeah, information technology'southward some other series of deject services that fall under the umbrella term, Security-equally-a-Service.

In that location are a few types of deject-based security; probably one of the best-known types is for mitigating deprival-of-service (DoS) attacks. In such cases, a cloud service inspects traffic on its mode to the destination enterprise, and when information technology detects a DoS assail, it simply shortcircuits the damaging traffic. A large enterprise tin can do this itself, but a smaller ane generally has neither the bandwidth nor the network infrastructure required to handle it.

Firewall-every bit-a-Service

More than recently, nosotros've seen a related technology arrive. It's called Firewall-as-a-Service (FWaaS) and it's exactly what it sounds like. Available from vendors such every bit Cato Networks and eSecurity Solutions, these services simply require you lot to sign up, and and so your incoming traffic is routed through a cloud-based, side by side-generation firewall earlier information technology reaches your network.

Note that this is distinctly unlike from a managed firewall service, though some vendors offer both. In that instance, you've only hired a knowledgeable IT security consultancy that takes on the task of managing, monitoring, and updating your on-premises firewall.

The advantage of FWaaS is that the cloud provider has enterprise-level expertise in treatment an enterprise-class firewall, and you're affording that via the deject'southward economies of scale. In a managed firewall scenario, yous're paying the consultant the standard charge per unit plus you've withal got to pay for the firewall and all its coincident costs. FWaaS means you're not paying for the firewall, the support contract, or the staff. Yous get all of that just past paying for your share.

The potential downside here is, of form, latency. Because these services are new and vary in terms of how well they're implemented, there's no mode to assign a general rule of pollex here when information technology comes to traffic filibuster. Only given all of the variables—what kind of firewall infrastructure the provider is using, how it'southward architected, where it's located on the cyberspace in relation to your infrastructure, how much and what kind of traffic your organization generally gets, and, of course, what settings you've implemented on your firewall account (not to mention the vagaries of internet traffic flow in general)—the merely way to become a handle on how FWaaS will touch your traffic menses is to test, examination, and maybe after all of that, test a niggling more.

Hacker Enters Information Security Hallway With Locks

Software-Divers Network Segmentation

A good case of this engineering science is OPAQ Networks, which provides a managed security service that uses products and services from Palo Alto Networks and adds its own specialized support for midsize enterprises. A key technology offered past OPAQ Networks is software-defined network segmentation, which simplifies the procedure of sectionalization while too bringing it into the reach of smaller organizations.

"Using this tool, it'due south possible to granularly segment internal networks so that terminate users only take admission to the resources that they need, without having to reconfigure VLANs or wrestle with NAC (network access control) solutions," explained Tom Cross, CTO at OPAQ Networks, in his web log.

"The traditional security stack delivered from the cloud has value, particularly for businesses where consistent patch and configuration direction can be a claiming," Cross added.

As you probably doubtable, OPAQ Networks isn't alone in providing this sort of Security-as-a-Service. Firewall vendor Barracuda is at present offer a Web Application Firewall (WAF) that the company can provide as a service. According to Barracuda, the WAF tin can protect your deject and your on-premises information. Barracuda offers distributed deprival of service (DDoS) protection as an add-on service for its WAF, forth with access and identity management, giving you virtually a one-stop protection opportunity.

Threat Tracking

And, of form, there's more to Security-as-a-Service than just DDoS protection and firewalls. Microsoft is now offer its Threat Tracking for Office 365, which works with its Threat Intelligence production for Office 365 (which was released in 2022).

While the Microsoft product doesn't actually collaborate with your cloud solution, it does provide a useful source of data. All the same, Microsoft does provide other cloud security protections for use with its Azure deject service, including a lockbox for access keys.

The other major cloud providers, including Amazon Web Services (AWS) and Google Cloud Platform, take all appear security products for their customers. And 1 thing that y'all'll come across when you lot're configuring your deject service with whatsoever of the major vendors is the opportunity to add together a firewall to whatever product suite they're selling. But those firewalls and other products simply protect your cloud presence. Typically, what sets Security-as-a-Service apart is that it should also protect the stuff in your data eye.

Security-as-a-Service

The question you accept to respond as a small to midsize enterprise (SME) is whether or non you demand security in the cloud. If your IT operation is any way hybrid, and about are these days, and so the reply is about certainly "yes." Except in all just the most unusual of cases, your IT staff probably doesn't accept the expertise or the budget for the kind of security you demand to fight off today's threats.

While you tin (and should, if at all possible) rent someone to manage your It security, salaries in data centre security management are stratospheric right now. And even if you do rent a security expert, the workload is oftentimes prohibitive for just ane person, specially in anything larger than a small business and certainly in any system that does significant business organisation on the web. That's because information technology's not just exacting work but also because information technology spans nigh every aspect of your IT infrastructure. Therefore, the level of expertise required is pregnant. Unless your needs prohibit the utilise of a cloud-based resource, Security-equally-a-Service is probably the almost cost-effective and quickly implemented solution available.