Skip to main content
close search
site logo
Dive Brief

4 questions to ask before adopting security as a service

Published April 26, 2019
Samantha Schwartz's headshot
Samantha Schwartz Reporter
Getty Images

Dive Brief:

  • Companies are not asking cloud providers the right security as a service questions, according to Frank Konieczny, CTO of the U.S. Air Force, speaking at Security Through Innovation Summit in Arlington, Virginia Thursday.
  • Many cloud providers just provide a firewall and "then you're on your own," said Konieczny, so companies have to figure out how to virtually replicate the same tools used on-premise. The degrees of security also differ depending on the provider. That adds more complexity for companies that want to enable cloud-to-cloud communication.
  • Questions to ask cloud providers: Which services they provide, how often they deploy patches, vulnerability analysis, and finally, how much those services cost. 

Dive Insight:

As the cloud becomes the new norm, the definition of security as a service is more widely interpreted. The gaps in interpretation leave room for misunderstanding.

Konieczny defines security as a service as either receiving data that serves as information for decision-making or a service provider that makes the decisions for the customer as a subscription.

Everyone is "trying to do everything as a service anyway," he said, but because the services are expected, asking the right questions doesn't always come naturally. Cloud customers assume that once they migrate to the cloud, the provider takes the security reins. But accountability remains on the customers.

Companies need to clearly understand where the cloud provider's security stops and theirs begins. While the cloud's infrastructure is more resilient than a private data center, it doesn't ensure bulletproof security.

Cloud environments are scarier because it means companies relinquish control and visibility to a provider. "Everyone is paranoid now because you're not controlling the server farm" of the cloud, said Konieczny.

On-premise environments felt safer, said Konieczny. Now, the cloud begs the question, "I'm sharing a platform with everybody else, what does that really mean?"

There are inevitable nuances in cloud-based security that are often overlooked, he said. Companies need to ask themselves what exactly they are trying to secure, data or applications because that will dictate the cloud-based tools that need adopting.

Filed Under: Cloud, Security

Editors' picks

Company Announcements

View all | Post a press release
Unanet Acquires GovPro AI to Enable Customers to Win More Business
From Unanet
November 22, 2024
New Research Reveals AI's Impact on IT's Power, Status, and Pay
From 1E
November 21, 2024
Legion Technologies Partners with Vail Resorts to Expand Workforce Management Across 37 Resort…
From Legion Technologies
November 19, 2024
PointFive is Apparently the Hottest Cloud Startup, Here is Why
From Jordan Mitchell
November 21, 2024
Editors' picks
Latest in Cloud
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell