SPONSORED: Legacy vs cloud security - busting the myths that prevent progress

clock • 6 min read

Cloud may now seem like part of the furniture in many parts of end users' IT estates, but there are still misconceptions and misnomers that often obstruct channel players that deliver security from the cloud. We put five of the biggest to the test.

Credit: j_ridley2000/CC BY-SA 2.0

Nowadays, cloud computing's adopters and advocates include governments and the world's biggest businesses, and the technology is also routinely and happily used by consumers in their daily lives.

It is tempting to believe that cloud has definitively won both the territorial and ideological battles that, just a few years ago, still raged fiercely.

But the truth is that doubts and misconceptions persist - nowhere more so than in the security space, where some familiar stumbling blocks to cloud remain in place.

Most companies now think nothing of moving their most widely used commodity productivity and communications tools into the cloud. However, when it comes to deploying technology to protect their organisation from the ever-growing array of threats they face each day, many enterprises still baulk at the idea of using a cloud-based solution.

The reasons for such reticence will be familiar to many -- they are exactly the same arguments that, when applied to other parts of an end user's IT estate, cloud providers have already succeeded in taking apart.

They are, essentially, myths. And all myths can be successfully busted if they are brought out into the light and subjected to a little scrutiny.

So, let's don our hard hats and goggles and put to the test the five biggest myths that still dog the cloud security space.

1. Making the switch is complex

Many end users are put off by the misconception that adopting cloud security is inherently more complicated than keeping everything on-premise - particularly if they are moving towards a hybrid environment. The assumption is that melding two different styles of provision must, necessarily, be a trickier proposition than sticking with legacy across the board.

The truth is that customer IT environments have never been anything other than a challenging mix of different technologies - which is why they have always required the expertise of vendor-neutral integrators. Those integrators can stitch cloud into the mix of their client's security estate just as seamlessly as they have been doing with competing manufacturers' software and hardware for decades.

Richard Archdeacon, advisory chief information security officer (CISO) at unified-access security specialist Duo Security, has this advice: "The first step is to clearly map out what services are provided by the cloud provider and relate them back to your overall security capability. This will not only ensure that there are no gaps, but will start to identify where any links need to be built, such as the provision of logs for monitoring or forensic analysis."

2. It's all or nothing

The initial cloud marketing missionary zeal purported the idea that ‘going cloud' required a completely new belief system and way of life - not to mention a total renunciation of their legacy sins of the past.

There is now more than enough evidence to demonstrate that cloud can be implemented gradually and pragmatically. Many begin their journey towards the cloud with core commodity applications offering productivity or communications tools. Some stop there, others travel much further, and a very few go all the way to what one big-name cloud vendor once termed "100% web."

Cloud security can be a starting point, a staging post, or a final destination.

3. It will cost more in the end

Cloud security - and, indeed, all forms of cloud computing - often suffer from the preconception that paying for something upfront will be a better deal than doing so in stages.

But in the case of IT, opting for the initial expense of on-premise technology is not simply a case of finding the money for a one-off payment - whereas cloud could deliver unexpected advantages.

"Perhaps the greatest benefit is time to deployment and usage," said Archdeacon. "The relative speed with which a solution can be implemented, and the enterprise risk reduced, will be an important decision factor for any CISO."

Legacy technology, meanwhile, requires significant additional resources - both time and money - to be dedicated to installation and integration. And, even when the kit has been deployed, there is the ongoing cost of maintenance. The need to keep pace with the upgrade cycles that roll around every few years is especially important in the security space where defences need to move and evolve in line with a constantly shifting threat landscape.

4. You have to relinquish control

Many IT decision makers persist in a belief that moving from on-premise to cloud security means giving up control and allowing an unseen external party to take the reins.

But cloud actually offers a greater level of autonomy than on-premise security ever has.

Companies that use cloud solutions can scale them up and down as required, as well as adding new services and tools along the way - which could be crucial when the threats they face are constantly moving, changing, growing, and multiplying. This is in stark contrast to the legacy world, in which customers are likely to be constrained by upfront cost commitments and inflexible long-term licensing contracts.

Working with a cloud provider can also allow internal security teams to operate much more strategically.

Archdeacon said: "I remember speaking to one CIO who had been asked if they feared losing control. The response was simple: the service offered by the cloud provider was more comprehensive and consistent than they could achieve with an overstretched security team. This meant that the scarce resources could now be deployed on understanding the security business requirement more fully, and thus providing much better security than before."

5. It's just not safe

Perhaps the most damaging misconception about cloud security is that it is not as safe as its on-premise counterpart.

For some, the idea seems to be that IT security is a bit like a bodyguard - who, to fulfil their duties, need to be located right alongside the person or place they are protecting.

But simply keeping something close at hand does not mean it is any safer. Locking something up in your shed is, on balance, probably not quite as secure as stowing it away in a bank vault.

Most organisations in the public and private sector only have a couple of in-house IT security experts - at most. Entrusting those few, overworked employees with sole responsibility for protecting vast amounts of sensitive data across the entire organisation is a tall order.

Cloud security, on the other hand, is built, provided, and managed by dedicated experts from companies who specialise in nothing but protecting people's assets.

Which model would you trust - or are you already delivering security from the cloud?  Join Duo at their EMEA Partner Kick-Off on Thursday 20 September and find out more about unified-access security delivered from the cloud.

Click here to join Duo at their partner kick off.

You may also like
CTS vet Chris Bunch takes top job at AWS consultancy D55


"Culturally it feels like the kind of fast, flexible and fun place I like," Bunch said on LinkedIn

clock 26 March 2024 • 1 min read
Channel veteran Smee pops up as CEO of cloud analysis vendor


Grahame Smee, best known for his serial M&A success in the security distribution space, is looking to work with channel partners after taking the reins at Opexx Ltd

clock 11 January 2024 • 2 min read
Public cloud services revenue skyrockets nearly 20 per cent in H1 2023


New IDC figures show global public cloud services revenue jumped 19.1 per cent in the first half of 2023

clock 12 December 2023 • 2 min read

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

More on Security

'Cyber has to become seamless, unnoticed and taken for granted' - XChange UK day one, part two

'Cyber has to become seamless, unnoticed and taken for granted' - XChange UK day one, part two

Delegates looked a decade into the future of cybersecurity and heard how generate value from generative AI

Kelsey Rees
clock 07 March 2024 • 8 min read
Six cybersecurity trends for 2024

Six cybersecurity trends for 2024

Gartner lists six ways the cybersecurity market will be influenced and impacted this year

Kelsey Rees
clock 22 February 2024 • 3 min read
Cybersecurity incident response: Your company's ICU

Cybersecurity incident response: Your company's ICU

Performanta CEO Guy Golan explains why incident response is the beating heart of a cybersecurity service

Guy Golan
clock 22 September 2023 • 4 min read


Staff & Salaries 2022

Staff & Salaries 2022

A snapshot of pay and headcount trends in the UK channel

Doug Woodburn
clock 09 March 2022 • 1 min read
Midwich CEO on Nimans acquisition, 2021 results and return to pre-pandemic levels

Midwich CEO on Nimans acquisition, 2021 results and return to pre-pandemic levels

Stephen Fenby talks to CRN after Midwich’s 2021 results in which profitability exceeded pre-pandemic levels

Josh Budd
clock 08 March 2022 • 3 min read
4 more vendors suspend sales in Russia following Ukraine invasion

4 more vendors suspend sales in Russia following Ukraine invasion

IBM and Microsoft are among a number of vendors which have also announced that they will halt sales in Russia following the invasion of Ukraine.

clock 08 March 2022 • 3 min read