Published on the 26/05/2016 | Written by Beverley Head
The popularity of Software as a Service and cloud solutions may be blinkering some organisations which believe they have also offloaded security worries…
Brisbane-based Gartner analyst Craig Lawson has co-authored a paper, Mind the SaaS Security Gaps, which warns CIOs and CISOs that the same security principles that are applied to in-house computing also need to be applied to public cloud solutions. It notes, however, that the influx of business-bought cloud services and mobile devices has conspired to reduce rather than improve organisations’ grip on enterprise security.
“There is a perception from the business that if it adopts the cloud then the provider will take care of security. This is called cloud complacency.”
But the report notes that as multiple clouds are used – say Salesforce, Office 365 and Amazon Web Services – it can be difficult to manage security cloud by cloud, and it recommends that a more centralised approach to security be adopted.
It’s a challenge that forms the raison d’être for ZScaler, a cloud-based security-as-a-service offering launched in 2008 which aims to protect both cloud and mobile users by acting as an internet gate through which all traffic passes.
Michael Sutton, ZScaler CISO, is presenting at this week’s AusCERT security conference being held in Queensland, and says it’s the only approach that works for a mobile, cloud-focused enterprise.
While many of ZScaler’s 5,000 international users (about 100 of which are based in Australia) hail from the big end of town, the cloud-based nature of the system means it can be used by smaller organisations, with entry-level pricing starting at around $15 per user per month.
The company claims it’s cheaper than organisations having to build out their own security infrastructure, or find the skills to do that.
In order to offer security as a service, ZScaler has built its own cloud hosted in data centres around the world – two are in Australia. As Sutton explains: “You always access everything through the internet… now you go through us to get there.”
“The security challenge is that the security model of old is broken – it looked for bad things.” But he said that there were gaps in visibility of bad things because of the uptake of public cloud, BYOD and mobile devices.
Initially the company was something of a one-trick pony with its secure web gateway service. Sutton, however, said that it had extended the capability of its platform to offer advanced persistent threat services, cloud firewalls and security sandboxing.