OR WHY THE CLOUD WILL SUPPLANT ON-PREMISE FOR SECURITY INITIATIVES
Erasmus Wilson, the celebrated Oxford professor once proclaimed, “When the Paris Exhibition [of 1878] closes, electric light will close with it and no more will be heard of it.” History is littered with those who refused to embrace the obviousness of the future. Didn’t Digital founder Ken Olsen prognosticate “There is no reason anyone would want a computer in their home,” in 1977. (His company was broken up for parts after its acquisition by Compaq in 1998.)
There are many of us who have been around IT long enough can even remember how storing 1MB on a 3.5” hard case floppy disk was cutting edge IT. Yes, I remember punch cards too, but the point is that IT grows up. It advances, evolves. Thirty years on from those halcyon days, IT is facing its latest crossroads: the movement away from on-premise solutions and the acceptance of cloud-based computing as the chief business driver.
I was amused at the headline from a recent CRN article Solution Providers Stuck in the On-Premise World Are Dead Men Walking. Ostensibly the author is positing the cloud computing model is the future (especially for MSPs).
“The winners will be nimble, agile and comfortable operating in a world where information technology innovation is moving at an exponential rate. That exponential rate of change has obliterated the old product-dominated solution provider business model in favor of a services model where annuity-based managed services/professional services with a high quotient of a partner’s own intellectual property are front and center.”
Readers of this blog will note that I whole-heartedly agree. However, there are many that still cling to their metaphorical floppy disks; the resource-heavy, on-premise solutions that continually depreciate while still siphoning funds from capital expenditures long after their purchase, installation and “phased” upgrades. In fact (according to the article), on-premise/legacy assets are becoming less profitable and an increasingly heavy drain..
“Making the cut for partners used to the old legacy IT product world is a Herculean task. The balance sheets of most large enterprise partners, insiders say, are dominated by on-premise infrastructure products with a services component that usually comes in at less than 10% of sales or at best 20% of sales, little of it annuity-based and with a meager 2% operating profit.”
With that said, there is still a great deal to be done before with cloud computing before all the hype and half-considered promises of ROI. In 1878, the world wasn’t ready to embrace the light bulb as a permanent replacement for the kerosene lamp. But by 1893 (at the Chicago World’s Fair) the invention seemed destined to become the standard. It would be more than just a novelty used in the homes of the wealthy. We are looking at cloud computing the same way. At first there was skepticism, but once it proved to be commoditized and safe, it will be the measure of how an IT department functions. Those that hold on to their skepticism will eventually be left in the dark like poor Doctor Wilson.
One of the key stumbling blocks towards universal acceptance of the cloud as a holistic business driver is the thought that security is sub-standard and on-premise security is ironclad. There are several issues I have with that argument. First is the evolving nature of the modern enterprise. It is no longer an entity you can build a wall around. Perimeters have been erased and the reach of some of the most basic business functions are no longer controlled within the walls of the organization. Companies are already using cloud-based applications to the degree of many billion dollars per year. And to that end, they are realizing the benefits, efficiencies and cost savings. On-premise proponents point to the risks associated with data security, privacy and compliance as reasons the kerosene lamp is better than the light bulb.
The spuriousness of that brings me to my second point: my fervent belief that tools merely carry out the processes and decisions of intelligent managers. I’ve made this assertion before—it doesn’t matter if your security is on-premise or deployed and managed from the cloud; If you don’t know what to look for/analyze, if you don’t monitor in real time, if you de-centralize security functions so that the left-hand isn’t working in conjunction with the right, if there are gaping holes in your vulnerability assessments–an open barn door is easy to enter, regardless if there is a lock.
Let’s look closer at security. There’s no silver bullet for protection. If there were, organizations like Bank of America or Crescent Healthcare, or Sophos, or the South Carolina Department of Revenue and a litany of others would not be in the news regarding data breaches. This is not to say these companies and the hundreds of thousands of others like them do not have adequate security tools. Eight times out of ten, what they lack(ed) is a cohesive process that would have alerted them earlier to telling issues. However, with the right tools in place and the right resources analyzing them and following a best practice protocol, could they prevent the Chinese government from hacking or Ned from sales clicking on a suspect email or a former employee meddling with a sensitive database? In most cases, yes.
But what does this have to do with the cloud? It eliminates cost as a predetermining factor. It allows you to focus on the best practice. Cloud-based security expands your options when it comes to your current initiative. With on premise, the cost and resources necessary to make it successful force choices and either or propositions. SIEM or SSO. Access management or identity credentialing. The effectiveness of a cloud deployment allows an organization not only to unify, but centralize. Now the decision regarding on-premise versus cloud comes down to functionality and scope. If your cloud deployment can accomplish everything an on-premise tool can, it is typically in the best interest of your enterprise to make the most cost-effective decision that will accomplish the goal. If you get more functionality for a fraction of the cost, why would on-premise be a consideration?
But the naysayers are already grinding their teeth “on-premise deployments are more dependable, controllable, powerful, secure, and is the only way I can accomplish X.” I am not out to replace all the hard work you have customized over the years… accept to say I challenge you to take a fresh look at a unified integrated security platform from the cloud. See for yourself if the functionality meets the sniff test. Oh yeah, they used to say kerosene lamps are brighter, more reliable, and tungsten filaments are prone to explosion (despite the fact that in 1880 nearly two of every five New York City fires were caused by defective kerosene lamps)!
Enough history…you’re concerned about data leakage, user carelessness and the like. When it comes to best practices, it truly boils down to prevention, detection and response. These are supported by a variety of solutions—both cloud and on-premise. The challenge is that all things aren’t equal. A mid-sized credit union does not have the same resources as a national bank, but is saddled with the same concerns and compliance issues. The modest clinic still needs to ensure privacy as much as St Jude’s. In terms of security, the cloud security (security-as-a-service) can be the great equalizer.
Now I don’t say on premise tools are as dead as the dodo. There’s room for legacy AND cloud even in terms of a single security initiative. What I do say is that moving forward IT executives must consider cloud-based options–for the cost, the convenience, the added functionality, scalability and most important, the proper alignment with future business needs and goals.
And just to be fair to the esteemed Erasmus Wilson and Ken Olsen, they were not the only ones with their feet turned backwards and anchored in the past.
Who still owns 600 vinyl LPs! (but also owns an iPod, and subscribes to an online streaming music site!)