In this blog, Alert Logic provides commentary on topics that are related to our technologies, such as log management, threat management, and IT compliance management.
Our CEO, Gray Hall, was recently interviewed by the Web Host Industry Review about how Alert Logic is working with the hosting industry. You can view his interview below:
Gray addressed many topics relevant to SaaS (Software-as-a-Service) security and compliance, and highlighted how Alert Logic is uniquely positioned to work with the hosting industry. When discussing why hosting providers would want to work with Alert Logic, he pointed out that not only do we have great technology, but we are uniquely suited to be integrated in the services that hosting providers offer. In particular, we offer the following:
Cloud services is a hot topic. Whether it is cloud storage, server capacity, or software-as-a-service (SaaS), cloud services offer significant benefits to businesses and there is significant interest in learning about these offerings. This week IDC updated their definition of cloud services and they did a great job of explaining the attributes you can expect from a company with these types of offerings.
Their most basic definition of cloud services is as follows:
“Consumer and business products, services and solutions delivered and consumed in real-time over the Internet”
They go onto explain the key attributes of a cloud-based solution:
Shared, standard service
Solution-packaged
Self-service
Elastic scaling
Use-based pricing
Accessible via the Internet/IP
Standard UI technologies
Published service interface/API
These types of solutions can be delivered in either public or private clouds. Read the full story…
Cloud computing has been receiving significant attention and hype in 2009. Last week we featured a couple of posts looking at security in the cloud. The first featured an article that looked at the advantages of cloud-based security and the second featured an interview with thought leader Michael Suby on recent trends in SaaS security. Of all the security functions that may be impacted by cloud computing, log management may be the killer application that leads to its large scale adoption.
Log management lends itself to deployment in the cloud gaining clear advantages in functionality, speed and cost. For many of our customers moving to a cloud based log management solution not only helps them meet compliance objectives, it allows them to integrate log management as a more integral part of their overall security processes. Log management is a part of so many compliance requirements because it plays an important role in combating an insider threat as well as supporting investigation into uncovered incidents. Cloud computing makes log management accessible to thousands of mid-sized companies who simply don’t have the resources or expertise to build an effective function inside their corporate infrastructure.
We are going to be discussing the advantages and momentum for cloud computing this Wednesday, September 16th in a webinar titled, Is Log Management the Killer App for Cloud Computing? Randy Rosenbaum and I will be discussing the practical deployment of cloud-based log management by our customers and how they have been able to meet compliance requirements, reduce costs, and significantly improve the benefits from log review processes. To learn more about how you can benefit from cloud-based log management, be sure to tune in and join us.
Today we’re starting a new feature called, “Thought Leadership with an Industry Expert,” to bring an outside perspective to our focus areas of: PCI compliance, log management and cloud-based security.
In this first interview, we spoke with Michael Suby, the director of Stratecast (a Frost & Sullivan company), about SaaS security and cloud-based computing.
In January you published a paper titled “SaaS Security Services: Uptick in a Downturn” and predicted that SaaS based security services would continue to grow during the downturn. Can you update us on whether you have seen clients interest in and purchase of SaaS security services growing relative to more traditional solutions this year?
Michael Suby: The key comparative point is with Managed Security Service providers that offer both Managed Security Services through on-premise appliances and SaaS security services. Across the board with providers we track, SaaS as a category is growing faster.
The primary reason for this is the contrast in the value proposition. Typically with any managed service, subscribers gain the expertise of the service provider, a big plus as businesses are trimming and stretching their in-house IT and security personnel, but cannot afford an uptick in security risk. SaaS provides the extra benefits of affordability because of the providers’ economy of scale associated with shared, multi-tenant platforms and standardized environments. This is a material difference between SaaS security and managed on-premise security appliances. In addition, the purging of unwanted and tainted inbound traffic before reaching the business network with a SaaS-based security service like email security retains more of the business’ access bandwidth for legitimate use. Read the full story…
Last week I replied to a detailed and well thought out post on cloud-based security from Eric Hemmendinger titled, Cloud-Based Security – an Evolution – Not a Revolution. Eric makes a great case for cloud-based solutions as options for mid-sized companies. I want to highlight some key points from that article for you.
The article walks the reader through key drivers of and issues with cloud-based solutions. Here are Eric’s list of questions that you should consider to determine if cloud-based security is right for you:
Does the company have IT staff with sufficient expertise and available time to manage the solutions?
Does the company have the budget to acquire the necessary products that enable premise-based solutions?
Does the company have unusual requirements that require specialized security solutions?
Does the company have the necessary excess space to house premise-based solutions?
Does the company have the necessary capacity from a power supply and back-up perspective to service additional premise-based solutions?
Does the company have sufficient Internet bandwidth available to continue filtering dangerous or unacceptable traffic on-premise rather than in-the-cloud?
Does the company have resistance to outsourcing IT services in general?
