The Fallacy of "On-Prem" Security
One thing I often hear from customers is that they prefer "on-prem" security. Unfortunately, there really is no such thing anymore. All security is cloud security, with an "on-prem" component. Any firewall worth its salt will have a cloud feed for URL filtering (which is the crux of modern security, as firewalling by IP address provides little value when one IP address may host thousands of URLs). Endpoint security products, similarly, are an agent installed on an endpoint which uses cloud intel to detect (and hopefully respond to) malware. The days of A/V signature matching are long gone, thanks to the sophistication of malware these days.
Of course, it only makes sense that in a cloud world, security be cloud security. That is not noteworthy. However, too few security practitioners realize that all security is cloud security these days. They have a false sense of security that by having sheet metal under their control, they have "on-prem" security and have full control of their security solution. They don't. What they have is a physical and software agent for perimeter security in their DC.
One concern I often hear from customers as they realize that it's all cloud security is "what if I lose connectivity to my security provider?" There are two things to consider in this instance: 1) a poorly designed security provider will not have the appropriate redundancy measures built in, making this a far more likely scenario. 2) Malware and bad actors use the same internet as your security provider to reach you, so a loss of connectivity to a security provider as a result of a catastrophic event will also mean that those actors cannot reach you. Having said all of that, I do think it is critical for customers who look at security solutions to understand that all security solutions are cloud security solutions. Therefore, understanding the connectivity and architecture of your security provider is as important as understanding the functionality they provide, as all that functionality could just as easily disappear.
Ethical Hacker | Sec Ops Expert | Cybersecurity Architect
2y
Maria! You make a valid point that all security is now cloud security. It's important for customers to understand that modern security solutions rely on cloud feeds for URL filtering and use cloud intelligence to detect and respond to malware. Your emphasis on the importance of understanding the connectivity and architecture of a security provider is also noteworthy. A concern often raised by customers is the possibility of losing connectivity to their security provider, but as you mentioned, a well-designed security provider will have appropriate redundancy measures in place. Thanks for shedding light on this important topic. Some recommendations for organizations looking for a security solution are to understand that all security solutions are cloud-based, assess the connectivity and architecture of the security provider, look for a comprehensive solution, evaluate the provider's track record, ask about the incident response plan, consider scalability and compliance, and continuously monitor and review the security solution.
Technical Sales Professional | Passionate about Cloud Solutions | Security-Driven Infrastructure Design
2y
Great post, lots of food for thought.