2023 needs to be a year of unification for cybersecurity
The past twelve months have been tough for a lot of organizations. From inflationary pressures to fears of a global recession, many economists have made pessimistic predictions about the year ahead. As a result, controlling and reducing costs is likely to be the focus for many companies in 2023.
Yet despite these economic stresses, IT spending has continued to rise. Gartner has estimated businesses spent around $4.5 trillion in 2022, up 3 percent year-on-year. While part of this spend is driven by digital transformation and the adoption of new technologies, a good part comes from unexpected expenses - especially when it comes to cloud where businesses can easily incur heavy costs without realizing it. Research finds that 80 percent of organizations lack awareness of how best to manage cloud computing, leading to overspending of between 20-50 percent.
Hybrid cloud can address some of these cost challenges, helping companies make the most of their existing infrastructure while also avoiding the data egress costs and refactoring fees etc. which can become costly when using public cloud. However, as many businesses are finding out, shifting to hybrid cloud can greatly complicate their security strategies.
Managing everything, everywhere, all at once
Given that cost reduction is a key driver of the move to hybrid cloud, it is unsurprising that many businesses have chosen to also invest in security tool bundles from their cloud providers as part of their overall deal. These tools are often significantly cheaper than specialist alternatives, especially when purchased as part of an overall deal. However, as some are finding out, there are several reasons why such tools can end up creating more headaches than they solve.
The first is a question of in-house capabilities. Hybrid and multi cloud models dramatically increase the amount of time consumed by routine tasks like patching, upgrading, and data monitoring. Each new database environment has its own way of handling issues like data privacy, data security, or regulatory compliance. Training and maintaining a single security team that has sufficient expertise in how to securely deploy tools from AWS, Azure, Snowflake, MongoDB Atlas -- among others -- is difficult, time-consuming, and expensive. As a result, while the tools themselves may be relatively inexpensive, more often than not, outside consultants and experts have to be brought in to support each additional environment.
The second factor is the capabilities of the tools themselves and is even more problematic. Because cloud providers aren’t security experts, the tools they build can lack essential capabilities -- such as the ability to properly discover and classify data -- or the latest threat research data on how cybercrime groups are evolving their attacks. Consequently, businesses that are serious about protecting their data frequently have to invest yet more money in supplementary tools to fill in these gaps.
The upshot is that, while hybrid cloud can offer excellent value for money when it comes to workloads, from a security perspective it’s incredibly easy to end up paying more money than they can afford for an expensive patchwork of solutions across multiple different environments, which deliver a flood of notifications while failing to provide any sort of genuine visibility or protection.
A unified future
All of this means that, for any organization which values good cybersecurity, the move to hybrid cloud will have to be accompanied by a unified approach to data protection. Having dozens of different tools to manage the idiosyncrasies of each provider is not practical in terms of security, compliance, or cost. Therefore it’s necessary for organizations to shrink the number of solutions they use, prioritizing those which can operate across their entire digital landscape simultaneously.
This ensures that all databases, data warehouses, and data assets can be monitored, regardless of location. On top of this, it also means that security teams can create, apply, and track policies across the entire landscape, removing the need to repeat processes multiple times in different ways. This saves time and significantly reduces the training requirements needed to run each new cloud environment, making it easier to introduce infrastructure changes as required.
Another key advantage of a more unified approach is a dramatic increase in analytical capabilities. Good unified systems enable automatic analysis across all databases, regardless of type or location, the insights gained for security teams are far more accurate and valuable, allowing them to better prioritize and secure the enterprise.
Simplicity and security
The coming year will be a difficult one for many organizations. Most industries are facing significant economic turmoil, regulatory changes, and the ongoing impact of The Great Resignation. Consolidation and cost-cutting have to be top of mind, and IT spending is one of the biggest areas that businesses look to reduce their expenditure. A lot of companies today have found that their digital transformation journeys have inadvertently created an expensive mishmash of security solutions without providing genuine protection. A unified approach which works across every environment can reduce the volume of security solutions needed, save valuable time for SOC teams, while also enhancing the threat intelligence and better protecting the business, all at once.
Image credit: realinemedia/ Depositphotos.com
Andy Zollo is RVP for EMEA at Imperva.