The Cost of Cloud Security
There are a variety of reasons why investing in the security of your business is critical to you staying in-business, but many firms often believe they have certain capabilities such as backups or advanced antivirus when they in fact lack any of these capabilities.
For a definition of ‘the Cloud’ please see here.
One common example is when organisations move to Microsoft’s Office 365 platform or Google’s GSuite in the belief that this offers greater resilience to their business, and it is the case these services often have high-uptime. It is incredibly difficult to achieve the ‘Five Nines‘ and both Microsoft and Google routinely fail on this level of service, but broadly they do remain online.
Simply being online is not the be all and end all of cloud security, primarily because these systems are accessible 24/7 and from anywhere globally – therein meaning your email and data storage platform are ripe pickings for cyber-criminals. Many organisations believe that Microsoft and Google, or other providers, kindly offer backups as part of the service: they do not offer backups or accept liability for lost data.
In the above scenario your business would have to spend additional sums in order to have a third-party organisation provide you Cloud backups, creating vendor-lock-in which prevents you from avoiding price rises, and additionally having to purchase extra licenses in order to ‘unlock’ security features such as Conditional Access policies.
The cost of Cloud Security is actually quite high, each of the modules you seek to purchase are expensive and lock you in to further price rises within that ecosystem, and when it comes to the cloud there is no such thing as a free lunch.
Unexpected expenses are often the most risky
For organisations which move critical or sensitive workloads to a Cloud platform it is critical to price-in security and resilience costs, such as monthly backups which are often at five pounds per user per month and licenses to unlock two-factor authentication.
These costs are often only made apparent in hindsight, following an interested party such as an auditor, well-meaning technician or customer insisting on these security standards being present in your business; many businesses fail to recognize these risks until a security incident or breach occurs.
The above expenses may seem incongruous with what your business has been advised previously by Managed Service Providers, however to their mind it is incredibly convenient to sell you high-margins services without having to worry about the efficacy of the platforms they sell.
Being able to achieve a stable system using Cloud-hosted services is complex and resilience is not achieved by using a single Cloud-vendor who can hold your business to ransom, or act as an enabler for cyber-criminals to do so.
De-risking your IT portfolio and working in a vendor-neutral, capability driven way is how you can achieve steady growth without worrying about whether a particular feature being enabled will make or break your business.
Hayachi Services have worked with international law firms and global hosting providers who freely pass sensitive information such as VPN backdoors in email to our dismay, poor practice will ultimately cost your business more than you could imagine.
Reducing the cost of cloud security
Not all is lost when it comes to unified Cloud-security, unified being a single platform which talks to many others.
Opswat are lauded across critical infrastructure and financial services firms for their vendor-neutral security platform which enables you to use the best-on the market without the commercial fuss.
Endpoint Security, Email Security and Network Security platforms are often papered-over in favour of ‘shiny’ solutions to the detriment of small-firms. There are fundamentals which every business must focus on no matter where they operate, and these readily translate to larger organisations as well.