Securing Your Infrastructure in the Cloud – Are You Exposed?
Traditional on-premise security solutions that include firewalls, endpoint protection and other end to end encryption have demonstrated value to the market. The trouble is what and how does this translate into cloud services? How can you replicate the security controls where you don’t own the infrastructure?
The overall answer is to understand the solution as a whole and not rely on a single vendor to address this. Whilst Microsoft can deliver the cloud services and have security elements included such as encryption, this doesn’t cover all areas of threat manipulation.
Additional vendor products such as Mimecast, Veritas, CheckPoint and Fortinet can be constructed to deliver the appropriate solution of which SCC has experience of building for our customers.
Gartner produced a piece of research that highlights the challenges of security when using Microsoft’s Office 365, but equally can be relevant to any public or private cloud undertaking.
Whilst some of the native security is in place with some of the services contained within certain Office 365 suites, organisations should challenge themselves to understand the following recurring issues:
- Organisations must contend with a proliferation of disparate devices that access Office 365, many of which are unmanaged
- Traditional security tools, designed for protecting on-premises systems, can’t offer visibility and control when enterprises move email, content creation, file sharing and collaboration to the cloud, making the detection of inappropriate behaviours difficult
- Although Microsoft has simplified administering Office 365 security, certain controls require higher-priced licensing options. In some cases, third-party tools compete with lower prices and enhanced capabilities.
- Some Gartner clients report that Microsoft’s more-sophisticated controls perform poorly or lack necessary capabilities
“By 2018, 40% of Office 365 deployments will rely on third-party tools to fill gaps in security and compliance, which is a major increase from less than 15% in 2016.”
“By 2020, 50% of organisations using Office 365 will rely on non-Microsoft security tools to maintain consistent security policies across their multivendor “SaaSscape.””
Gartner have created a framework below that will indicate what areas should be addressed to address how an on premise approach can be replicated in the SaaS / IaaS / PaaS market:
The main recommendations and considerations that should be addressed are:
- Start with Identity, access, and privilege management
- Gain visibility into user, application, and data behaviour
- Secure Office 365 content in motion and at rest
- Protect Office 365 from threats
- Secure managed/unmanaged devices
- Consider a CASB for consistent visibility, control, and protection
The good news is that SCC has a set of services to ensure you can ensure that the solution fits the brief and you can start to deliver against your business drivers through our:
- Solution design professionals to ensure that the breadth of requirements is delivered and not aligned to one specific vendor
- Keep you updated as Microsoft increases their capability through acquisitions
- Accredited and experienced professional services across the full Microsoft stack and widened across other vendors and technologies
- Plan, migrate and manage any route to cloud services and especially managing changes within this change
- Provide ongoing solution support and assistance to customers in other requirements and further changes that vendors implement
Contact SCC today [email protected]