Under the IT security umbrella

This morning I participated in an interesting seminar on IT security hosted by Wingmen, with the keynote speech from Cisco. The two companies presented some valuable practical experiences of security threats and relevant mitigation tools and methods.

One of the major trends in IT security is that IT security, along with IT applications, is gradually moving to the cloud. This offers many major benefits but unfortunately also a couple of drawbacks. Let’s run through the essentials:

1. Availability and affordability: Yes, cloud-based security is readily available. Some limitations may apply to achieving full security on all platforms. Check whether all of your particular server operating systems are supported. Whether the solutions are affordable is a tougher question. The first thing to look for is whether the security service includes all relevant services or whether expensive add-ons are needed. The next is to look at the pricing scheme. Here, per-user pricing will often be more attractive than per-device pricing.

2. Contracting platform. Government agencies and municipalities should check the Danish procurement agency’s new framework contract 50.07 where cloud-based security solutions have their own category. Private companies can either procure cloud-based services directly or through their own framework agreements with their particular vendors.

3. Cloud, on-premise or mixed setup. Being cloud-based offers the special benefit of enabling aggregation and quick availability of threat forensics and threat mitigations. But don’t remove your firewall anytime soon. You will still need perimeter protection at your individual sites.

4. Other issues. Being cloud-based entails assessing how to keep control over data processing that is performed by an outside agency. With GDPR, ISO 27001 and other governance issues, that could make the transition to cloud-based security cumbersome. Check whether your cloud-based solution is operated within the EU or shares information with entities outside the EU. You will need to have your vendor sign a data processing agreement and maybe fill out a data export form before you commit.