As enterprise users seek to offload more and more IT-related functionality to cloud based security systems providers, one area of great activity is security. New cloud service providers have emerged to address a range of security needs — and several of them say they’re seeing growth in the area of 40% to 50% per year or more, despite the economic downturn caused by the pandemic.
Securing Internet users
Employees are increasingly relying on the Internet for job-related functions. However allowing employees to access the Internet opens an organisation up to a range of vulnerabilities.
Some enterprises use cloud based security systems and other on-site equipment to guard against these threats. However that approach requires a significant hardware and software investment, as well as ongoing IT support. Increasingly enterprises and managed IT service providers are finding they can save money and enhance security by using a cloud-based approach. Two providers that have arisen to address this need are iSheriff and Zscaler.
All of a client’s employee Internet usage is routed through the closest Zscaler node, where software developed internally by Zscaler applies security checks such as virus protection and URL filtering.
The latter prevents employees from connecting to inappropriate sites such as adult content sites. Zscaler also collects data from the distributed boxes and brings it back to the centralized repository, eliminating the need for a client’s IT personnel to keep track of logs located at individual client locations — a particularly useful benefit for organisations that have many locations scattered across a large geographic area.
Authorized personnel at end user organisations can access an administrative interface to Zscaler to customize policies for the organisation. For example, different companies might have different policies about data leakage — the sending of credit cards or other information to the Internet.
Zscaler sells its cloud based security systems directly to end user organisations. In addition the offering is available on a white label basis to other service providers.
Another cloud provider, iSheriff, provides cloud-based security for email communications as well as Web usage.
iSheriff’s software runs in a distributed fashion across multiple network operations centres (NOCs) worldwide, including dedicated and virtual NOCs, which are shared with other service providers.
One important benefit of using iSheriff rather than handling email and Web security in house is that iSheriff works with multiple security vendors, enabling it to address security vulnerabilities more promptly.
Another advantage of using iSheriff is that the cloud provider removes unwanted material such as spam, streaming video and malware before it gets to the customer premises, Marquez said. Often this results in a substantial reduction in the amount of traffic flowing into the company, thereby reducing bandwidth requirements and, more importantly, improving the performance of online applications the client may be providing to its customers.
iSheriff didn’t set out to be a cloud provider. Initially the company planned to focus on selling its software to telcos and other cloud-based providers, and that is still one sales channel for the company. However it opted to become a cloud-based provider itself in response to market demand and as a way of maximizing its return on investment.
Online retail security
Organisations that accept credit cards online have their own unique security requirements, and those organisations are a key target market for cloud based security systems provider, Alert Logic. The cloud security provider offers cloud-based security services such as intrusion management, vulnerability assessment and log management, many of which are mandated by payment card industry (PCI) guidelines.
The on-premises appliance collects and encrypts data and sends it to Alert Logic’s own network operations centre (NOC). The provider operates two data centres it built from the ground up that are 100% redundant. The company also provides a self-service dashboard that clients can use, for example, to request reports.
Viruses and malware aren’t the only concerns organisations face as the Internet becomes increasingly important to their business. As more and more employees use multiple Internet-based applications such as salesforce.com, another important concern is to manage employee access. If an employee leaves an organisation, the organisation wants to ensure that the employee can no longer access company applications.
And if an employee needs access to multiple Web-based apps, it’s more convenient for the employee to be able to log in just once and gain access to all of those applications, rather than having to log on to each one separately.
Symplified’s cloud based security systems are based on a managed appliance that can be located on the customer premises or within Amazon’s cloud. Even if it is located on the premises, Symplified handles management of the device.
In addition to enterprise organisations, Symplified also sells its service to other cloud providers, which use it to give their customers a single sign-on to multiple cloud-based applications.