Security from the cloud or for the cloud?

We’re always excited to see coverage of Security-as-a-Service in the media; we’re pioneers of this model, so obviously we believe in it and it’s great to see awareness on the rise. Recently we saw an Insider Report on Computerword titled Security-as-a-Service Gaining Popularity by Bob Violino (note: free registration is required to see the whole article). Violino does a great job of shining a light on several different types of security services that are being delivered from the cloud today. There is some good information from Gartner analyst Lawrence Pingree, who is very knowledgeable in this area. Violino looks at several Security-as-a-Service offerings by speaking to companies that actually use the services, delving into their pain points, why they went with a cloud-based solution, and how it is working for them. Violino also mentions the Cloud Security Alliance working group on Security-as-a-Service and its recently published guidelines. He also makes a good pitch for checking out your security service provider’s SLA. This is a very informative article that gives some good advice and insight into the state of Security-as-a-Service, and you should head over to Computerworld to read it. It seemed to us, however, that there was an aspect of Security-as-a-Service not covered in the piece: securing cloud infrastructure. Too often, discussion of cloud security and Security-as-a-Service focus entirely on delivery of security services via the cloud to on-premises infrastructure, endpoints or internal networks. But what about the billions of dollars of cloud infrastructure being deployed every day? Security-as-a-Service is a great model for securing traditional infrastructure, but for cloud and virtualized infrastructure it’s a necessity. Our delivery model has gained traction with hosting and cloud service providers (more than half of the top 30 North American providers are our partners) for this reason: enterprise security solutions simply aren’t designed for the cloud, and simply creating virtual appliances doesn’t solve problems like deploying in elastic cloud instances or integrating with provider provisioning and management systems. Market trends are pushing this issue to the fore, however. Violino cites Gartner’s statistics that the cloud security services market is expected to grow from $1.9 billion in 2012 to $4.2 billion in 2016, with a compound annual growth rate of 23%. Those are big numbers indeed, and they represent more and more workloads – including business-critical applications and data – moving to the cloud. The pressure is on the security industry to deliver solutions, and traditional enterprise solutions don’t fit. It may seem obvious that a cloud-based service would be the right fit for cloud infrastructure, but this is a part of the cloud security picture that is often overlooked. So a tip of the hat to Mr. Violino for his excellent piece on Security-as-a-Service, with our additional reminder that cloud security begins at home – cloud infrastructure secured by cloud services.