Risk rests in managed services
The South African market is starting to realise the benefits of cloud computing and managed services and this doesn't come without risk.
This is according to Jayesh Mowjee, business manager for security solutions at Gijima, during his ITWeb Security Summit presentation, 'Security as a managed service: the good, the bad and the undocumented'.
“A lot of [South African companies] are still looking at due diligence before moving to the cloud. Two-to-three years ago, most companies were making massive investment in on-premise solutions. We are now seeing that changing.”
Mowjee defined managed services as the practice of transferring day-to-day related management responsibilities as a strategic method for improved and effective operations.
Some examples for managed services include endpoint security, data loss prevention and incident monitoring, he said.
According to Gartner, the top managed service consumed is firewall services (82%), followed by network services, endpoint security and unified threat management respectively.
“Attacks are getting more sophisticated and this is a problem business faces everyday,” said Mowjee.
He noted that many companies are turning to third-party service providers to host and manage their security requirements.
According to Forrester Research, 34% of businesses worldwide adopt managed security solutions (MSS) because they can't afford the resources. This is particularly true for small and medium enterprises, he added.
Forrester found that 34% of companies choose MSS to improve quality of protection while 28% want greater security competency.
Mowjee pointed to some of the advantages of MSS, which include flexibility, cost-cutting, and companies can focus on their core business without investing in specialised skills.
He also listed the disadvantages of MSS: “The customer does not absolve responsibility regarding the service and a large number of companies have experienced mismanagement by their service provider.”
He added that the risks of MSS include loss of data control, the risk of quality of service, hidden and uncertain costs, and shared environments open the company to legal and regulatory risks.
“Around 40% of organisations (globally) are likely to outsource aspects of their infrastructure in the next two years, according to the Butler Group,” he said.
“Customers want to know that their service provider can be a trusted strategic partner and can deliver security expertise.”