Editor’s note: The following was written by Venkatesh Ravindran, VP of Security & Resilience at Colt Technology Services.
Post-pandemic change and economic uncertainty have many organizations looking for new ways to stretch scarce resources. However, some are unaware of how large a role IT and cybersecurity optimizations can play in these efforts.
That’s particularly true of organizations still using traditional castle-and-moat architecture, powered by “last-gen” security technologies. Over time, these dated technologies tend to pile up in layers in the form of security appliances. Not all interoperate or function well within existing infrastructure and their value declines year after year.
And as layer upon layer of legacy systems and redundant methods build up, accomplishing anything becomes slower and more costly. Security managers are forced to spend a tremendous amount of time on routine details, like update management and cross-domain event correlation that don’t represent the best use of their resources. They can’t focus on what matters: creating and continuously enhancing the holistic security strategy to minimize cyber risk and the associated consequences.
As the organization expands, these problems multiply. For every new branch office or data center, organizations must make new capital expenditures on more security hardware and software to orchestrate them all to achieve strategic aims. Security managers inevitably find it harder and harder to get their arms around this larger and larger pile of assets.
Meanwhile, in a post-pandemic world, a much larger percentage of the workforce is, and will remain, remote. That means the traditional security architecture, which focuses on a security perimeter surrounding central sites, is simply out of date. It secures a much smaller percentage of the workforce than it did only five years ago.
Adopting cloud-based security can cut costs
Fortunately, resolving all these issues effectively, cost-efficiently, and simultaneously is possible. Migrating to cloud-hosted cybersecurity reduces tech operating costs and complexity. It can increase overall business agility, improve users’ experience, and reduce the risk of a catastrophic breach.
Let’s explore how.
Reduce operational costs and complexity
By partnering with a cloud-hosted zero-trust security specialist, customers not only get the benefits of that partner’s technology but can in many cases stop paying for their own.
For instance, many organizations rely on pricey multiprotocol label switching (MPLS) network links and backhaul networking to secure branch offices and data centers. Given a top-tier cloud-based security partner, there is no need to do this any longer. The internet becomes the connectivity backbone.
And what happens to the numerous security appliances that choke data centers, hog power and pump out heat, leaving frustrated security managers to deal with the nightmarish administrative overheads? Most of this hardware simply becomes redundant overnight.
Overall, we estimate up to 90% of these appliances are typically eliminated in the shift to the cloud, along with all their associated costs and complexities. Security admins may find more time to devote to big-picture, end-to-end strategy, where their skills and expertise pay dividends.
Furthermore, as organizations grow in size and complexity, the value of these improvements grows proportionally. The capital expenditures previously required for growth are transformed into operational expenditures for security services and assets. And due to the nature of the cloud services model, operations and updates are the responsibility of the provider.
Accelerate agility, reduce risk, and cut costs
People like to talk about agility, but it’s not always clear what they mean.
If you want to travel from A to B, you don’t want to have to think about the cyclical process of lifting your foot, maintaining balance, and taking one step in front of the other; your goal is getting to your destination.
The same goes with optimizing security: your focus needs to be on the end goal – your business strategies, its rollout, and its outcome – not the details of the technical implementation. Easier said than done, right?
Fortunately, cloud security often helps turn ideas into operations faster than is possible with legacy hardware.
Suppose, for instance, your organization acquires another. You now have the challenge of integrating two completely different sets of security solutions and processes, as designed by different teams for different reasons. And you have to get it all done as quickly as possible, without introducing new vulnerabilities or increasing your total attack surface.
Anyone involved in such a situation knows that’s a rough road to travel. With cloud-delivered zero-trust security, on the other hand, merging IT operations can often be accomplished in a matter of days. Instead of having to link and integrate your security assets with the other organization’s, you simply add its system to your cybersecurity partner’s responsibilities. You can read a blog written by Steven Singh, Zscaler’s Global Vice President of Mergers and Acquisitions, that explains how cloud-based architecture enables faster and more secure business assimilation.
Top-tier multi-tenant zero trust cloud-hosted architecture can fully assume the new workload without breaking a sweat. The acquired company’s infrastructure then inherits the same zero-trust capabilities and benefits you’ve been getting all along — for instance, an estimated 85% reduction in successful ransomware attacks, compared to a perimeter security strategy.
Yet you didn’t have to inventory the acquisition’s assets, determine compatibility with your own, create an optimization strategy and a rollout calendar, delegate people to manage the transition, and oversee it over an unpredictable period.
Real-world outcomes are the ultimate proof points
Consider Colt Technology Services, a global digital infrastructure company, where I’m based. When we recently transitioned to become a cloud-first organization, we had assets and facilities in multiple geographic locations around the globe. We were interested in making better use of smart automation while coming to grips with developing hybrid work environments for our staff and customers.
Recent experience taught us that significant IT optimizations tended to be slow and laborious. Our most recent overhaul, only a few years prior, took close to eighteen months. However, by working with a cloud security service provider, we were able to execute a custom deployment strategy in only 120 days.
Since then, we have simplified connectivity, streamlined security posture management, and extended a consistent set of policies to all of our global offices. Colt shifted to a primarily cloud-hosted infrastructure approach, so capital expenditures for security are way down. We were able to decommission almost all security appliance hardware, no longer had to manage or update our physical security stack, and could provide a seamless hybrid work environment for our workforce.
Our staff, whether working from home or the office, reported faster performance for key services, which translated to higher productivity. And our security team’s focus has shifted from managing pain points to implementing business strategies.
For more details, check out the webinar we recorded with Zscaler.
What to read next
The economic rationale for secure digital transformation
The CISO’s challenge: Can you secure the supply closet?
Mergers and acquisitions: How zero trust helps achieve a competitive advantage