Over the past decade, the cloud has become the hottest term in business, with everyone from major corporations to SMEs making use of the technology. However, security has not always been keeping pace, with many businesses continuing to use localised solutions despite the rest of their operations – and thus, their data – being cloud-based.

“I talk to a lot of CSOs and some are hesitant to look at the cloud,” says Rick McElroy, security strategist at cloud security provider Carbon Black. “What I say to them is: where's your data? And generally it's going to be in Azure, or Office 365, Google Docs, maybe they're using Dropbox or all of these other things.”

Generally the fear around using cloud-based security stems from the idea that it is more risky than traditional solutions. After all, the cloud is associated with many of the most high-profile breaches in recent years. However McElroy argues that this is not the case.

“When you really boil the risk down, you say well look, my data already exists in the cloud. I don't have visibility into it,” he says.

“If I deploy security solutions that give me visibility into where my data's at that looks at attacks, for me the trade-off is worth it because the benefits outweigh the risks.”

Beyond company boundaries: the benefits of cloud security

When it comes to the benefits of cloud security, companies such as Carbon Black are able to provide organisations with greater threat and attack response intelligence than could be achieved with their data alone.

This is because products such as Carbon Black’s Predictive Security Cloud pool the intelligence gleaned from all their customers’ data and share it with all the organisations they cover.

“This is the idea that you can record all of the right information, apply great analytics on top of that with a feedback loop for all the customers that are in that system, so that an attack against one of them really protects all of them at the same time,” explains McElroy.

This requires a certain number of customers to work, however Carbon Black operates at a scale where this provides genuine and valuable insight to its customers.

“We've got thousands of customers and hundreds of thousands of streams coming to our cloud everyday,” he says.

“An attack against one of company protects all of them at the same time.”

Perhaps more significantly, cloud security frees up operational costs associated with traditional security, as McElroy discovered when he assisted several enterprises with their transition to the cloud.

“I was able to see what the CIO got out of it, what the business got out of it. We were delivering features faster, our uptime was higher, our costs were cheaper,” he says.

“Well, security is expensive. Those are all things that I need, right?”

This also frees up security professionals to focus on threat detection and prevention rather than maintaining weighty infrastructure.

“What happened in security is we all built infrastructure. And now my team of engineers and threat hunters are maintaining my infrastructure, they're not going to find evil and take the bad guys out,” he says.

Making the case for cloud security

Cloud security is a relatively young product sector, meaning vendors have to work hard to make the case to would-be customers. And this is a particularly significant challenge in the generally conservative security sector.

“I think most security professionals are going to be slow to adopt any new tech. There'll be like the 1% that's like: 'Yeah the next thing, I'm going to go get it and try it'. And then there's the rest of the market, which is like: 'Hey when Apple and Google do it, then we'll do it’,” says McElroy.

However, with support from a number of thought-leaders in the space, cloud security adoption is starting to grow.

“I think what you're starting to see is the leaders out there went to the cloud, they're out talking about the benefits and then everybody else is going to start to follow,” he says.

“The leaders out there went to the cloud, they're out talking about the benefits and then everybody else is going to start to follow.”

But where vendors such as Carbon Black are having to do the most work in convincing companies is with SMEs.

“We spend an inordinate amount of time educating the largest amount of security professionals out there: SME,” he says.

“It's very hard for them because they don't have big teams to go build threat hunters and security operation centres. And so it's really empowering them with the right platforms to get the right data to make their jobs easier, not just give a bunch of data that they can't take action on.”

The future cloud

While there are mature cloud security technologies available today, the technology has by no means stopped progressing, meaning that as time goes on, it will become increasingly sophisticated.

“I think most vendors out there are fairly new to the cloud security game, so you are going to see all kinds of things in the future,” he says. “You'll see further leveraging of machine learning (ML) and AI.

“When you have a cloud like that then it's pretty easy to build new features on the backend and then deliver those out to customers on a regular basis.

“So I think you'll see everything from better analytics, better threat intel to organisations out there that are applying ML and AI.”


Share this article