The following is a guest post from Tom Cross, CTO at OPAQ Networks, a provider of network security-as-a-service solutions. Dan Cummins, a senior analyst for the Information Security Channel at 451 Research, completed the research.
Network Security Research
Trapped at the Security Event Horizon? Break Free With As-a-Service Solutions
Network security is necessary. Without effective controls, clear policies and reliable reporting, companies can’t hope to maintain current performance, address emerging issues and defend against incoming threats. The problem? Recent data from 451 Research found that mid-market IT departments are stuck in a “black hole” of network security. But it’s not all bad news. The evolving impact of security-as-a-service (SECaaS) offers companies a chance to escape the event horizon and break free of crushing complexity.
Force of Nature?
As noted by the 451 survey, network security spending already accounts for 39 per cent of all organizational IT security spending, and is on track to consume almost half of these budgets by 2021. Still, 82 per cent of businesses report that “procuring, implementing and managing security products consumes between 20-60 hours of in-house staff time per week.” This translates to between three and five full-time employees to manage security workloads — workloads that are getting more complex as threats such as ransomware and mobile malware become more prevalent, and users demand greater access to corporate networks.
The result? Organizations lack visibility and control over their network security assets, and with 60 per cent pointing to legacy IT solutions as the biggest barrier to measurable improvement, it’s no surprise that many companies see the increasing complexity of network security as inevitable, inexorable — a force of nature.
Breaking the Barrier
Is there an alternative for companies stuck with legacy apps and solutions but trying to manage increasingly agile and adaptive threats? As noted by Gartner analyst Avivah Litan, “companies are worse off by 100 per cent (with cybersecurity) compared to 10 years ago because the world is more complicated now.”
To balance the need for speed against infosec best practices, many companies are opting for a cloud-based model: Security-as-a-service. According to CIO, predictions suggest that by 2020, 85 per cent of large enterprises will use a cloud access security broker solution — up from just five per cent in 2015. Sixty-seven per cent of mid-market businesses surveyed said they planned to use cloud-based security services to manage or co-manage their security, with eight out of 10 IT and security executives saying they preferred SECaaS to MSSPs. What’s more, 90 per cent of those asked said they have either a need or plan to invest in network security-as-a-service over the next 12 months.
Security at Speed
What is it about SECaaS that offers the potential to conquer the network security event horizon and reduce total complexity?
As noted by Forbes, the key lies with usability. To effectively manage both emerging external threats and the increasing risk of accidental insider compromise, infosec experts must be in the “yes” business. This means they need the controls and visibility to find ways for their organization to do what it needs to do — safely.
The result? Companies are now embracing SecaaS for multiple use cases. For example, 64 per cent are using these tools for threat management, while 42 per cent opt for branch office enablement and optimization. Others use on-demand security, MSSP displacement or an MPLS alternative.
For companies stuck at the network security event horizon, escaping complexity relies on three key concepts:
- Automation — Leverage SECaaS solutions offset security skill shortfalls and handle routine tasks.
- Think Small — Adopt new services on value-proven outcomes, and expand as new use cases are identified.
- Spend Smart — Stop spending on security management. Instead, develop SECaaS-based business use cases and budget for innovation, adoption and growth.
It’s easy to get caught in the mid-market black hole of security, stuck with legacy solutions, increasing complexity and reduced control. Breaking free means changing perspective; embracing cloud-based security tools that empower IT oversight, control and agility.
Author Bio: Tom Cross is Chief Technology Officer for OPAQ Networks, and co-founder/former CTO of Drawbridge Networks. Mr. Cross is credited with discovering critical security vulnerabilities in enterprise-class software, and has written papers on collateral damage in cyber conflict, vulnerability disclosure ethics, security issues in Internet routers, securing wireless LANs, and protecting Wikipedia from vandalism.