Welcome!

Agile Computing Authors: Pat Romanski, Zakia Bouachraoui, Elizabeth White, William Schmarzo, Liz McMillan

Related Topics: @CloudExpo, Microservices Expo, Containers Expo Blog, Cloud Security, @DXWorldExpo, SDN Journal

@CloudExpo: Article

Why the Cloud Will Supplant On-premise Security

Accepting cloud-based computing as the chief business driver and avoiding the fate of Erasmus Wilson

Erasmus Wilson, the celebrated Oxford professor once proclaimed, "When the Paris Exhibition [of 1878] closes, electric light will close with it and no more will be heard of it.” History is littered with those who refused to embrace the obviousness of the future. Didn’t Digital founder Ken Olsen prognosticate “There is no reason anyone would want a computer in their home,” in 1977. (His company was broken up for parts after its acquisition by Compaq in 1998.)

There are many of us who have been around IT long enough can even remember how storing 1MB on a 3.5” hard case floppy disk was cutting edge IT.  Yes, I remember punch cards too, but the point is that IT grows up. It advances, evolves. Thirty years on from those halcyon days, IT is facing its latest crossroads: the movement away from on-premise solutions and the acceptance of cloud-based computing as the chief business driver.

I was amused at the headline from a recent CRN article Solution Providers Stuck in the On-Premise World Are Dead Men Walking. Ostensibly the author is positing the cloud computing model is the future (especially for MSPs).

“The winners will be nimble, agile and comfortable operating in a world where information technology innovation is moving at an exponential rate. That exponential rate of change has obliterated the old product-dominated solution provider business model in favor of a services model where annuity-based managed services/professional services with a high quotient of a partner's own intellectual property are front and center.”

Readers of this blog will note that I whole-heartedly agree. However, there are many that still cling to their metaphorical floppy disks; the resource-heavy, on-premise solutions that continually depreciate while still siphoning funds from capital expenditures long after their purchase, installation and “phased” upgrades.  In fact (according to the article), on-premise/legacy assets are becoming less profitable and an increasingly heavy drain..

“Making the cut for partners used to the old legacy IT product world is a Herculean task. The balance sheets of most large enterprise partners, insiders say, are dominated by on-premise infrastructure products with a services component that usually comes in at less than 10% of sales or at best 20% of sales, little of it annuity-based and with a meager 2% operating profit."

With that said, there is still a great deal to be done before with cloud computing before all the hype and half-considered promises of ROI. In 1878, the world wasn’t ready to embrace the light bulb as a permanent replacement for the kerosene lamp. But by 1893 (at the Chicago World’s Fair) the invention seemed destined to become the standard. It would be more than just a novelty used in the homes of the wealthy. We are looking at cloud computing the same way. At first there was skepticism, but once it proved to be commoditized and safe, it will be the measure of how an IT department functions. Those that hold on to their skepticism will eventually be left in the dark like poor Doctor Wilson.

One of the key stumbling blocks towards universal acceptance of the cloud as a holistic business driver is the thought that security is sub-standard and on-premise security is ironclad. There are several issues I have with that argument. First is the evolving nature of the modern enterprise. It is no longer an entity you can build a wall around. Perimeters have been erased and the reach of some of the most basic business functions are no longer controlled within the walls of the organization. Companies are already using cloud-based applications to the degree of many billion dollars per year. And to that end, they are realizing the benefits, efficiencies and cost savings. On-premise proponents point to the risks associated with data security, privacy and compliance as reasons the kerosene lamp is better than the light bulb.

The spuriousness of that brings me to my second point: my fervent belief that tools merely carry out the processes and decisions of intelligent managers.  I’ve made this assertion before—it doesn’t matter if your security is on-premise or deployed and managed from the cloud; If you don’t know what to look for/analyze, if you don’t monitor in real time, if you de-centralize security functions so that the left-hand isn’t working in conjunction with the right, if there are gaping holes in your vulnerability assessments--an open barn door is easy to enter, regardless if there is a lock.

Let’s look closer at security. There’s no silver bullet for protection.  If there were, organizations like Bank of America or Crescent Healthcare, or Sophos, or the South Carolina Department of Revenue and a litany of others would not be in the news regarding data breaches. This is not to say these companies and the hundreds of thousands of others like them do not have adequate security tools. Eight times out of ten, what they lack(ed) is a cohesive process that would have alerted them earlier to telling issues. However, with the right tools in place and the right resources analyzing them and following a best practice protocol, could they prevent the Chinese government from hacking or Ned from sales clicking on a suspect email or a former employee meddling with a sensitive database? In most cases, yes.

But what does this have to do with the cloud? It eliminates cost as a predetermining factor. It allows you to focus on the best practice. Cloud-based security expands your options when it comes to your current initiative.  With on premise, the cost and resources necessary to make it successful force choices and either or propositions. SIEM or SSO. Access management or identity credentialing. The effectiveness of a cloud deployment allows an organization not only to unify, but centralize. Now the decision regarding on-premise versus cloud comes down to functionality and scope. If your cloud deployment can accomplish everything an on-premise tool can, it is typically in the best interest of your enterprise to make the most cost-effective decision that will accomplish the goal. If you get more functionality for a fraction of the cost, why would on-premise be a consideration?

But the naysayers are already grinding their teeth “on-premise deployments are more dependable, controllable, powerful, secure, and is the only way I can accomplish X.”  I am not out to replace all the hard work you have customized over the years… accept to say I challenge you to take a fresh look at a unified integrated security platform from the cloud. See for yourself if the functionality meets the sniff test. Oh yeah, they used to say kerosene lamps are brighter, more reliable, and tungsten filaments are prone to explosion (despite the fact that in 1880 nearly two of every five New York City fires were caused by defective kerosene lamps)!

Enough history…you’re concerned about data leakage, user carelessness and the like. When it comes to best practices, it truly boils down to prevention, detection and response. These are supported by a variety of solutions—both cloud and on-premise.  The challenge is that all things aren’t equal. A mid-sized credit union does not have the same resources as a national bank, but is saddled with the same concerns and compliance issues. The modest clinic still needs to ensure privacy as much as St Jude’s. In terms of security, the cloud (security-as-a-service) can be the great equalizer.

Now I don't say on premise tools are as dead as the dodo. There's room for legacy AND cloud even in terms of a single security initiative. What I do say is that moving forward IT executives must consider cloud-based options--for the cost, the convenience, the added functionality, scalability and most important, the proper alignment with future business needs and goals.

And just to be fair to the esteemed Erasmus Wilson and Ken Olsen, they were not the only ones with their feet turned backwards and anchored in the past.

  • "Two years from now, spam will be solved."  Bill Gates, founder of Microsoft, 2004
  • "I predict the Internet will soon go spectacularly supernova and in 1996 catastrophically collapse."  Robert Metcalfe, founder of 3Com, 1995
  • "Apple is already dead." Nathan Myhrvold, former Microsoft CTO, 1997
  • "Nuclear-powered vacuum cleaners will probably be a reality within ten years." Alex Lewyt, president of Lewyt vacuum company, 1955
  • "Television won't be able to hold on to any market it captures after the first six months. People will soon get tired of staring at a plywood box every night." Darryl Zanuck, executive at 20th Century Fox, 1946
  • "This 'telephone' has too many shortcomings to be seriously considered as a means of communication. The device is inherently of no value to us." -- Western Union internal memo, 1876.
  • "With over 50 cars already on sale here, the Japanese auto industry isn't likely to carve out a big slice of the U.S. market." -- Business Week, August 2, 1968.
  • “We will never make a 32-bit operating system.”  Bill Gates, founder of Microsoft
  • “Bell-bottoms will never go out of style!” Kevin Nikkhoo, 1976

Kevin Nikkhoo
Who still owns 600 vinyl LPs! (but also owns an iPod, and subscribes to an online streaming music site!)
www.cloudaccess.com

More Stories By Kevin Nikkhoo

With more than 32 years of experience in information technology, and an extensive and successful entrepreneurial background, Kevin Nikkhoo is the CEO of the dynamic security-as-a-service startup Cloud Access. CloudAccess is at the forefront of the latest evolution of IT asset protection--the cloud.

Kevin holds a Bachelor of Science in Computer Engineering from McGill University, Master of Computer Engineering at California State University, Los Angeles, and an MBA from the University of Southern California with emphasis in entrepreneurial studies.

IoT & Smart Cities Stories
Dion Hinchcliffe is an internationally recognized digital expert, bestselling book author, frequent keynote speaker, analyst, futurist, and transformation expert based in Washington, DC. He is currently Chief Strategy Officer at the industry-leading digital strategy and online community solutions firm, 7Summits.
Digital Transformation is much more than a buzzword. The radical shift to digital mechanisms for almost every process is evident across all industries and verticals. This is often especially true in financial services, where the legacy environment is many times unable to keep up with the rapidly shifting demands of the consumer. The constant pressure to provide complete, omnichannel delivery of customer-facing solutions to meet both regulatory and customer demands is putting enormous pressure on...
IoT is rapidly becoming mainstream as more and more investments are made into the platforms and technology. As this movement continues to expand and gain momentum it creates a massive wall of noise that can be difficult to sift through. Unfortunately, this inevitably makes IoT less approachable for people to get started with and can hamper efforts to integrate this key technology into your own portfolio. There are so many connected products already in place today with many hundreds more on the h...
The standardization of container runtimes and images has sparked the creation of an almost overwhelming number of new open source projects that build on and otherwise work with these specifications. Of course, there's Kubernetes, which orchestrates and manages collections of containers. It was one of the first and best-known examples of projects that make containers truly useful for production use. However, more recently, the container ecosystem has truly exploded. A service mesh like Istio addr...
Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence. As automation and artificial intelligence (AI) power solution development and delivery, many businesses need to build backend cloud capabilities. Well-poised organizations, marketing smart devices with AI and BlockChain capabilities prepare to refine compliance and regulatory capabilities in 2018. Volumes of health, financial, technical and privacy data, along with tightening compliance requirements by...
Charles Araujo is an industry analyst, internationally recognized authority on the Digital Enterprise and author of The Quantum Age of IT: Why Everything You Know About IT is About to Change. As Principal Analyst with Intellyx, he writes, speaks and advises organizations on how to navigate through this time of disruption. He is also the founder of The Institute for Digital Transformation and a sought after keynote speaker. He has been a regular contributor to both InformationWeek and CIO Insight...
Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management company where he learned about Bitcoin and eventually Ethereal. Andrew's role at ConsenSys Enterprise is a mul...
To Really Work for Enterprises, MultiCloud Adoption Requires Far Better and Inclusive Cloud Monitoring and Cost Management … But How? Overwhelmingly, even as enterprises have adopted cloud computing and are expanding to multi-cloud computing, IT leaders remain concerned about how to monitor, manage and control costs across hybrid and multi-cloud deployments. It’s clear that traditional IT monitoring and management approaches, designed after all for on-premises data centers, are falling short in ...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more busine...