Way back in October 2015, Gartner predicted big things for cloud computing security when they boldly opined, “Through 2020, 95 percent of cloud security failures will be the customer's fault.” While there is no way to quantitatively validate this hypothesis, there are plenty of data points to support this assertion.
The RedLock Cloud Security Intelligence (CSI) Team - our elite group of security analysts, data scientists and data engineers dedicated to uncovering serious threat vectors - consistently discovers faults that can only be attributed to customer ‘mistakes’, be they resource misconfigurations or security vulnerabilities. For example, in their latest Cloud Security Trends Report (May 2018), the team found that 85% of cloud resources associated with security groups don’t restrict outbound traffic at all, a 5% increase from only a year ago. That’s an astounding number of under-utilized security groups. It is a best practice that security groups, the cloud equivalent of a firewall, should always be configured to restrict outbound traffic based on policy.
Simply put, security and compliance for resources in public cloud computing environments is a requirement. While few would debate that statement, there are plenty of opinions about how to implement cloud computing security. Should I build it myself using some combination of free, open source tools along with some of the evolving capabilities the cloud providers are rolling out? Should I investigate a SaaS-based compliance and security solution like RedLock? Or should I use traditional on-premise security products and tools? According to a survey by Crowd Research Partners, only 16% of organizations found their existing security measures were adequate to protect them in the cloud.
Building a solution internally may initially sound attractive to many organizations - until the reality sets in that the time, resources and expertise needed for evaluating, selecting (or developing), integrating, deploying, managing and maintaining a home-grown solution is a huge undertaking. For those that have attempted to build their own solutions, the results are often incomplete and ineffective in addressing the most basic cloud security challenges.
To help provide clarity around a ‘build or buy’ decision, RedLock has developed a white paper titled “The Business Case for Cloud Threat Defense”. It is a great resource that will help you understand the benefits, costs, issues and risks associated with your journey to a compliance and security solution in the cloud. The guidance is not theoretical; we surveyed our own customers and built a financial model that reflects RedLock’s benefits compared to a ‘build-it-yourself’ solution.
Key Findings of RedLock Cost-Benefit Analysis
Based on sample sizes of representative customer cloud environments, we found the three-year ROI% for RedLock is estimated* as:
I encourage you to download a copy of this important white paper. Organizations can expect to save substantial money, time and resources, while also ensuring compliance and maintaining a strong security posture when using RedLock. Savings accrue in many areas, including reduced labor associated with: audits, third-party posture assessment, threat investigation, and third-party tool management. Ancillary systems such as third-party SIEMs can be avoided altogether. Perhaps most importantly, RedLock can reduce the likelihood of a security breach, further protecting organizational assets. The detailed analysis for this RedLock Cost-Benefit analysis can be found by downloading the white paper here.