Cloud Keeps Customers Compliant in an SD-WAN, Hybrid, BYOD World

Bill Wohnoutka

By Bill Wohnoutka, VP, Security Solutions Sales, Level 3

Increasing use of unsecured broadband and mobile devices by remote workers is accelerating the need for a new, flexible strategy to protect users regardless of how they access enterprise assets. This discussion needs to be part of your sales strategy for many of today’s hottest technologies. For example, SD-WANs are popular with the channel and customers. They promise all the benefits of network orchestration by delivering ease of design, deployment and management for connecting remote locations to an IP/VPN — but the presence of premises-based x86 equipment perpetuates the need to manage a complex device, potentially running four or five different virtualized functions from multiple “best of breed” vendors.

Furthermore, SD-WAN solutions do little or nothing to protect enterprise users on mobile or broadband networks.

Meanwhile, in-house network and security staffs run lean. We typically see one to two dedicated security employees in our midsize to large enterprise customers. The budget to hire, train, retain and retrain a larger staff simply does not exist.

It’s no surprise, then, that hardware-based prevention and detection tools consume the largest share of the IT security budget: If you can’t pay people to stand guard, you buy solutions. However, as IT budgets continue the transition from capex to opex – with capital preserved for strategic investments – the pressure is on to find similar “pay as you go” and “expand as you go” solutions for security. Delivering against governance, risk and compliance objectives remains the No. 1 task for senior IT executives today, and that accountability brings these issues in front of the board of directors regularly.

Partners who can’t step in with advice and solutions may find themselves replaced.

The Answer? Push Into the Cloud

Much has been said about the fear of compromised security in the cloud ecosystem — and cloud does not absolve customers of responsibility. Still, incorporating cloud-based services into a multi-layered security approach undoubtedly provides opportunities to defend users, devices and applications with tools that simply could not be provided with a perimeter-based hardware security strategy.

Let’s look at three selling benefits of cloud, backed up by stats.

“By 2020, 85 percent of large enterprises will use a cloud access security broker platform for their cloud services, which is up from less than 5 percent today.” —Gartner, “Market Guide for Cloud Access Security Brokers.”

In many cases, the only physical barrier standing in front of network security appliances in a remote location is a locked door. Migrating enterprise security controls from hardware located on premises into a cloud-security service puts multi-layered physical security in place immediately. More importantly, using a cloud-security service will enable you to …

… work with customers to define a virtual security perimeter to protect users and devices regardless of how or from where they access applications and assets.

As BYOD becomes an increasingly important concern within compliance frameworks, this selling point of a cloud security solution should not be overlooked. Cloud security controls give customers the ability to extend role- and zone-based policies governing network access, content filtering and application control. They also extend monitoring visibility for behavioral anomalies that may be an indicator of compromise, such as communication with an external command and control server, data leakage or malware delivery.

“There will be an estimated 1 million cybersecurity job openings in 2016, with the number expected to increase to 1.5 million by 2019.” —Forbes, “One Million Cybersecurity Job Openings In 2016.”

With a cloud security solution, much (though not all) of the break/fix burden around hardware and patching and upgrading of operating-system and security software, as well as maintenance of policies through various orchestration tools and rule bases, moves to the cloud-security provider. Offloading all that, along with the obligation to react and respond to availability and performance issues, presents a very compelling value proposition to an overtasked staff.

In addition, the three- to five-year forklift upgrade and refresh cycle transfers into the domain of the cloud security provider. That may be good news for customers, but for partners, it highlights the need to replace these sources of income. Options include developing a security event and information management (SIEM) offering and helping customers reaching the end goal governance, reporting and compliance (GRC) across the enterprise.

“Hiring and retaining security practitioners, particularly analysts in the SOC, is difficult and expensive. According to our surveys, 58 percent of North American and European security decision-makers say hiring cybersecurity practitioners is a major challenge for them.” —Forrester, “Your Next Security Analyst Could Be a Computer.”

Adding security experts to an IT team is an expensive, time-consuming process, and qualified people are very difficult to retain. In contrast, the economy of scale is at play in cloud-security services. These providers have the means to attract world-class security experts and supply them with industry-leading tools and training, multiple third-party threat/reputation feeds, and a platform that can identify and correlate indicators of compromise. Because they are monitoring an entire threat landscape rather than a single network, cloud security providers are in a good position to bring the knowledge of their community of users to bear identifying zero-day exploits as soon as they appear in the wild.

Channel partners, assess your capabilities and readiness to participate in the coming market shift. Premises-based hardware security has long been the domain of very specialized partners, but these new cloud security services will favor providers who can bring a well-integrated combination of IP/VPN, SD-WAN and cloud security services side by side.

Bill Wohnoutka is vice president of the security solutions sales team at Level 3. In this role, he leads the North American region product subject-matter experts who support Level 3’s account teams and customers to achieve best practices in the design and implementation of internet security solutions. Over the past 18 years, Bill has held various leadership roles in Level 3’s sales and marketing organizations.