Welcome!

SDN Journal Authors: Yeshim Deniz, Liz McMillan, Elizabeth White, Pat Romanski, TJ Randall

Related Topics: @CloudExpo, Microservices Expo, Containers Expo Blog, Cloud Security, @DXWorldExpo, SDN Journal

@CloudExpo: Article

Why the Cloud Will Supplant On-premise Security

Accepting cloud-based computing as the chief business driver and avoiding the fate of Erasmus Wilson

Erasmus Wilson, the celebrated Oxford professor once proclaimed, "When the Paris Exhibition [of 1878] closes, electric light will close with it and no more will be heard of it.” History is littered with those who refused to embrace the obviousness of the future. Didn’t Digital founder Ken Olsen prognosticate “There is no reason anyone would want a computer in their home,” in 1977. (His company was broken up for parts after its acquisition by Compaq in 1998.)

There are many of us who have been around IT long enough can even remember how storing 1MB on a 3.5” hard case floppy disk was cutting edge IT.  Yes, I remember punch cards too, but the point is that IT grows up. It advances, evolves. Thirty years on from those halcyon days, IT is facing its latest crossroads: the movement away from on-premise solutions and the acceptance of cloud-based computing as the chief business driver.

I was amused at the headline from a recent CRN article Solution Providers Stuck in the On-Premise World Are Dead Men Walking. Ostensibly the author is positing the cloud computing model is the future (especially for MSPs).

“The winners will be nimble, agile and comfortable operating in a world where information technology innovation is moving at an exponential rate. That exponential rate of change has obliterated the old product-dominated solution provider business model in favor of a services model where annuity-based managed services/professional services with a high quotient of a partner's own intellectual property are front and center.”

Readers of this blog will note that I whole-heartedly agree. However, there are many that still cling to their metaphorical floppy disks; the resource-heavy, on-premise solutions that continually depreciate while still siphoning funds from capital expenditures long after their purchase, installation and “phased” upgrades.  In fact (according to the article), on-premise/legacy assets are becoming less profitable and an increasingly heavy drain..

“Making the cut for partners used to the old legacy IT product world is a Herculean task. The balance sheets of most large enterprise partners, insiders say, are dominated by on-premise infrastructure products with a services component that usually comes in at less than 10% of sales or at best 20% of sales, little of it annuity-based and with a meager 2% operating profit."

With that said, there is still a great deal to be done before with cloud computing before all the hype and half-considered promises of ROI. In 1878, the world wasn’t ready to embrace the light bulb as a permanent replacement for the kerosene lamp. But by 1893 (at the Chicago World’s Fair) the invention seemed destined to become the standard. It would be more than just a novelty used in the homes of the wealthy. We are looking at cloud computing the same way. At first there was skepticism, but once it proved to be commoditized and safe, it will be the measure of how an IT department functions. Those that hold on to their skepticism will eventually be left in the dark like poor Doctor Wilson.

One of the key stumbling blocks towards universal acceptance of the cloud as a holistic business driver is the thought that security is sub-standard and on-premise security is ironclad. There are several issues I have with that argument. First is the evolving nature of the modern enterprise. It is no longer an entity you can build a wall around. Perimeters have been erased and the reach of some of the most basic business functions are no longer controlled within the walls of the organization. Companies are already using cloud-based applications to the degree of many billion dollars per year. And to that end, they are realizing the benefits, efficiencies and cost savings. On-premise proponents point to the risks associated with data security, privacy and compliance as reasons the kerosene lamp is better than the light bulb.

The spuriousness of that brings me to my second point: my fervent belief that tools merely carry out the processes and decisions of intelligent managers.  I’ve made this assertion before—it doesn’t matter if your security is on-premise or deployed and managed from the cloud; If you don’t know what to look for/analyze, if you don’t monitor in real time, if you de-centralize security functions so that the left-hand isn’t working in conjunction with the right, if there are gaping holes in your vulnerability assessments--an open barn door is easy to enter, regardless if there is a lock.

Let’s look closer at security. There’s no silver bullet for protection.  If there were, organizations like Bank of America or Crescent Healthcare, or Sophos, or the South Carolina Department of Revenue and a litany of others would not be in the news regarding data breaches. This is not to say these companies and the hundreds of thousands of others like them do not have adequate security tools. Eight times out of ten, what they lack(ed) is a cohesive process that would have alerted them earlier to telling issues. However, with the right tools in place and the right resources analyzing them and following a best practice protocol, could they prevent the Chinese government from hacking or Ned from sales clicking on a suspect email or a former employee meddling with a sensitive database? In most cases, yes.

But what does this have to do with the cloud? It eliminates cost as a predetermining factor. It allows you to focus on the best practice. Cloud-based security expands your options when it comes to your current initiative.  With on premise, the cost and resources necessary to make it successful force choices and either or propositions. SIEM or SSO. Access management or identity credentialing. The effectiveness of a cloud deployment allows an organization not only to unify, but centralize. Now the decision regarding on-premise versus cloud comes down to functionality and scope. If your cloud deployment can accomplish everything an on-premise tool can, it is typically in the best interest of your enterprise to make the most cost-effective decision that will accomplish the goal. If you get more functionality for a fraction of the cost, why would on-premise be a consideration?

But the naysayers are already grinding their teeth “on-premise deployments are more dependable, controllable, powerful, secure, and is the only way I can accomplish X.”  I am not out to replace all the hard work you have customized over the years… accept to say I challenge you to take a fresh look at a unified integrated security platform from the cloud. See for yourself if the functionality meets the sniff test. Oh yeah, they used to say kerosene lamps are brighter, more reliable, and tungsten filaments are prone to explosion (despite the fact that in 1880 nearly two of every five New York City fires were caused by defective kerosene lamps)!

Enough history…you’re concerned about data leakage, user carelessness and the like. When it comes to best practices, it truly boils down to prevention, detection and response. These are supported by a variety of solutions—both cloud and on-premise.  The challenge is that all things aren’t equal. A mid-sized credit union does not have the same resources as a national bank, but is saddled with the same concerns and compliance issues. The modest clinic still needs to ensure privacy as much as St Jude’s. In terms of security, the cloud (security-as-a-service) can be the great equalizer.

Now I don't say on premise tools are as dead as the dodo. There's room for legacy AND cloud even in terms of a single security initiative. What I do say is that moving forward IT executives must consider cloud-based options--for the cost, the convenience, the added functionality, scalability and most important, the proper alignment with future business needs and goals.

And just to be fair to the esteemed Erasmus Wilson and Ken Olsen, they were not the only ones with their feet turned backwards and anchored in the past.

  • "Two years from now, spam will be solved."  Bill Gates, founder of Microsoft, 2004
  • "I predict the Internet will soon go spectacularly supernova and in 1996 catastrophically collapse."  Robert Metcalfe, founder of 3Com, 1995
  • "Apple is already dead." Nathan Myhrvold, former Microsoft CTO, 1997
  • "Nuclear-powered vacuum cleaners will probably be a reality within ten years." Alex Lewyt, president of Lewyt vacuum company, 1955
  • "Television won't be able to hold on to any market it captures after the first six months. People will soon get tired of staring at a plywood box every night." Darryl Zanuck, executive at 20th Century Fox, 1946
  • "This 'telephone' has too many shortcomings to be seriously considered as a means of communication. The device is inherently of no value to us." -- Western Union internal memo, 1876.
  • "With over 50 cars already on sale here, the Japanese auto industry isn't likely to carve out a big slice of the U.S. market." -- Business Week, August 2, 1968.
  • “We will never make a 32-bit operating system.”  Bill Gates, founder of Microsoft
  • “Bell-bottoms will never go out of style!” Kevin Nikkhoo, 1976

Kevin Nikkhoo
Who still owns 600 vinyl LPs! (but also owns an iPod, and subscribes to an online streaming music site!)
www.cloudaccess.com

More Stories By Kevin Nikkhoo

With more than 32 years of experience in information technology, and an extensive and successful entrepreneurial background, Kevin Nikkhoo is the CEO of the dynamic security-as-a-service startup Cloud Access. CloudAccess is at the forefront of the latest evolution of IT asset protection--the cloud.

Kevin holds a Bachelor of Science in Computer Engineering from McGill University, Master of Computer Engineering at California State University, Los Angeles, and an MBA from the University of Southern California with emphasis in entrepreneurial studies.

@CloudExpo Stories
Andi Mann, Chief Technology Advocate at Splunk, is an accomplished digital business executive with extensive global expertise as a strategist, technologist, innovator, marketer, and communicator. For over 30 years across five continents, he has built success with Fortune 500 corporations, vendors, governments, and as a leading research analyst and consultant.
No hype cycles or predictions of zillions of things here. IoT is big. You get it. You know your business and have great ideas for a business transformation strategy. What comes next? Time to make it happen. In his session at @ThingsExpo, Jay Mason, Associate Partner at M&S Consulting, presented a step-by-step plan to develop your technology implementation strategy. He discussed the evaluation of communication standards and IoT messaging protocols, data analytics considerations, edge-to-cloud tec...
Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more business becomes digital the more stakeholders are interested in this data including how it relates to business. Some of these people have never used a monitoring tool before. They have a question on their mind like “How is my application doing” but no id...
Announcing Poland #DigitalTransformation Pavilion
Digital Transformation is much more than a buzzword. The radical shift to digital mechanisms for almost every process is evident across all industries and verticals. This is often especially true in financial services, where the legacy environment is many times unable to keep up with the rapidly shifting demands of the consumer. The constant pressure to provide complete, omnichannel delivery of customer-facing solutions to meet both regulatory and customer demands is putting enormous pressure on...
In his Opening Keynote at 21st Cloud Expo, John Considine, General Manager of IBM Cloud Infrastructure, led attendees through the exciting evolution of the cloud. He looked at this major disruption from the perspective of technology, business models, and what this means for enterprises of all sizes. John Considine is General Manager of Cloud Infrastructure Services at IBM. In that role he is responsible for leading IBM’s public cloud infrastructure including strategy, development, and offering m...
CloudEXPO | DXWorldEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
DXWorldEXPO LLC announced today that All in Mobile, a mobile app development company from Poland, will exhibit at the 22nd International CloudEXPO | DXWorldEXPO. All In Mobile is a mobile app development company from Poland. Since 2014, they maintain passion for developing mobile applications for enterprises and startups worldwide.
The best way to leverage your CloudEXPO | DXWorldEXPO presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering CloudEXPO | DXWorldEXPO will have access to these releases and will amplify your news announcements. More than two dozen Cloud companies either set deals at our shows or have announced their mergers and acquisitions at CloudEXPO. Product announcements during our show provide your company with the most reach through our targeted audienc...
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22nd international CloudEXPO | first international DXWorldEXPO and will feature technical sessions from a rock star conference faculty and the leading industry players in the world.
DXWorldEXPO | CloudEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
With 10 simultaneous tracks, keynotes, general sessions and targeted breakout classes, @CloudEXPO and DXWorldEXPO are two of the most important technology events of the year. Since its launch over eight years ago, @CloudEXPO and DXWorldEXPO have presented a rock star faculty as well as showcased hundreds of sponsors and exhibitors!
22nd International Cloud Expo, taking place June 5-7, 2018, at the Javits Center in New York City, NY, and co-located with the 1st DXWorld Expo will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud ...
HyperConvergence came to market with the objective of being simple, flexible and to help drive down operating expenses. It reduced the footprint by bundling the compute/storage/network into one box. This brought a new set of challenges as the HyperConverged vendors are very focused on their own proprietary building blocks. If you want to scale in a certain way, let's say you identified a need for more storage and want to add a device that is not sold by the HyperConverged vendor, forget about it...
In his keynote at 19th Cloud Expo, Sheng Liang, co-founder and CEO of Rancher Labs, discussed the technological advances and new business opportunities created by the rapid adoption of containers. With the success of Amazon Web Services (AWS) and various open source technologies used to build private clouds, cloud computing has become an essential component of IT strategy. However, users continue to face challenges in implementing clouds, as older technologies evolve and newer ones like Docker c...
"MobiDev is a software development company and we do complex, custom software development for everybody from entrepreneurs to large enterprises," explained Alan Winters, U.S. Head of Business Development at MobiDev, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
The next XaaS is CICDaaS. Why? Because CICD saves developers a huge amount of time. CD is an especially great option for projects that require multiple and frequent contributions to be integrated. But… securing CICD best practices is an emerging, essential, yet little understood practice for DevOps teams and their Cloud Service Providers. The only way to get CICD to work in a highly secure environment takes collaboration, patience and persistence. Building CICD in the cloud requires rigorous ar...
"We're focused on how to get some of the attributes that you would expect from an Amazon, Azure, Google, and doing that on-prem. We believe today that you can actually get those types of things done with certain architectures available in the market today," explained Steve Conner, VP of Sales at Cloudistics, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Sanjeev Sharma Joins November 11-13, 2018 @DevOpsSummit at @CloudEXPO New York Faculty. Sanjeev Sharma is an internationally known DevOps and Cloud Transformation thought leader, technology executive, and author. Sanjeev's industry experience includes tenures as CTO, Technical Sales leader, and Cloud Architect leader. As an IBM Distinguished Engineer, Sanjeev is recognized at the highest levels of IBM's core of technical leaders.
As Cybric's Chief Technology Officer, Mike D. Kail is responsible for the strategic vision and technical direction of the platform. Prior to founding Cybric, Mike was Yahoo's CIO and SVP of Infrastructure, where he led the IT and Data Center functions for the company. He has more than 24 years of IT Operations experience with a focus on highly-scalable architectures.
JETRO showcased Japan Digital Transformation Pavilion at SYS-CON's 21st International Cloud Expo® at the Santa Clara Convention Center in Santa Clara, CA. The Japan External Trade Organization (JETRO) is a non-profit organization that provides business support services to companies expanding to Japan. With the support of JETRO's dedicated staff, clients can incorporate their business; receive visa, immigration, and HR support; find dedicated office space; identify local government subsidies; get...