|
As network and application vulnerabilities continue to grow in the presence of an increasingly aggressive and sophisticated mix of attack vectors, organizations continue to struggle with balancing the survival needs of their businesses and investing in security technologies and hiring uniquely qualified staff to maintain them. Many organizations are struggling to keep up with the evolving threat landscape and complex challenges of securing multiple protocols. For these organizations, a hybrid approach to securing their businesses is fast becoming an attractive option.
Hybrid Delivery Platforms means providing the relevant security technology to your organisation in the most appropriate medium.
The 4 key platforms are;
-
Appliance
This is a pre-defined hardware platform provided by the vendor with the technology already installed on the unit. The appliance can simply be connected to your network and a simple installation and configuration wizard followed to make the unit live.
2. Software
Unsurprisingly, this medium of technology delivery requires that you install the solution on the hardware platform of your choice within your own infrastructure providing that it meets the technical recommendations of the vendor.
3. Virtual
Many technology vendors are now providing their solutions so that they can be deployed within a virtualised datacentre, deployed on the virtual hardware platform. The pre-dominant virtual delivery platform tends to be VMWare.
4. Hosted/Cloud
A large amount of security technology can now be provided as a hosted service in the "cloud". This has significant cost and performance benefits for the customer, but should be used as part of an overall "Hybrid Delivery" strategy. Hosted services are becoming increasingly popular for managing Inbound threat security solutions.
KL is able to provide you with a comprehensive view of the right delivery platform for each component of your multi-layer security solution, ensuring optimum performance in protection and cost.
The following questions were posed by Proofpoint to Brian Burke, program director of Security Products and Services at IDC, on behalf of Proofpoint’s customers.
Q. Is deploying a hybrid solution for email security and DLP preferable to being locked into one method of deployment?
A. In general, there is no "one-size-fits-all" solution for information security. However, this is where hybrid solutions can play a role in providing different organizations with a choice of deployment platforms or, more recently, a mix of deployment platforms that leverage the strengths of each platform. In fact, a recent IDC study on messaging security found that 25% of North American organizations have already adopted a hybrid mix of on-premises and hosted messaging security services. Moreover, the highest degree of adoption (38%) was found in large enterprise environments with more than 10,000 employees. This is clear evidence that hosted messaging security services are no longer just an SMB solution.
The hosted messaging security market ranks among the fastest-growing segments of the worldwide IT security market. Because hosted has low total cost of ownership (TCO), easy administrative overhead, facilitated management, and consolidated support and scales efficiently, its success isn’t surprising. Our most recent forecast has the messaging security market increasing at a 36% compound annual growth rate through 2011.
Q. For companies deploying email/DLP solutions, what parts of the solution would you have on premises versus what's deployed in the cloud?
A. Due to the explosive increase in the volume of spam and the increasing sophistication of malicious attacks, hosted messaging security services are becoming an attractive option for many organizations that want to block messaging threats "in the cloud" before they reach the corporate network. IDC estimates that in many cases, 5070% of traffic can be stopped in the cloud before it enters the corporate network. This reduces not only the amount of unwanted content that has to be processed by an on-premises solution but also the amount of email that an organization has to retain to meet certain regulatory requirements. Because malware protection is off-loaded to the "cloud," unwanted content (e.g., malware, spam, bad Web sites, unproductive information) never hits the customer’s gateway. Therefore, the customer is not responsible for content it never received. This reduces risk, cuts bandwidth requirements, lowers archiving requirements, and limits eDiscovery activities.
We expect on-premises solutions to continue to handle the bulk of DLP and encryption responsibilities. Concerns with DLP and regulatory compliance are driving the need for a more complete messaging security solution that secures both inbound and outbound messaging traffic. We’ve found that a majority of organizations want to prevent data loss closest to the source and prefer to deploy DLP technologies on premises. IDC believes an integrated hybrid deployment of messaging security offers an organization the best of both worlds for addressing internal and external threats. In addition, because messaging gateways are receiving far less traffic, their economic life span can be extended and their policies can be finer grained to deal with internal policy and/or external compliance. "Appliance fatigue" is a term we hear more and more from organizations frustrated with having to deploy a growing number of gateway appliances to keep up with the pure volume of messaging traffic.
Q. What are the benefits of a hybrid deployment for inbound and outbound email security?
A. It’s no secret that IT departments continue to experience budgetary pressures with regard to proper staffing levels while simultaneously being asked to provide higher levels of network accessibility, business continuity, and most of all, security. IT managers often must manage these expanding infrastructures with relatively bare-bones staffing and resources. Given these limits, they are increasingly looking for cost-effective, easy-to-adopt, and easy-to-manage solutions. Security professionals agree that effective security requires a multilayered defense but the resources required to manage multiple point products can overwhelm an IT department.
Faced with ever-increasing numbers and types of security threats, many organizations are in a constant struggle to find the optimal balance between investing in human and capital resources for the growth and survival of the business and investing in security. Given the tight squeeze in which IT departments find themselves, it’s obvious that an efficient, cost-effective, and comprehensive security solution is needed to address their unique situations.
Deciding where and how an organization can derive the biggest bang for the buck out of limited and often shrinking budgets is an ongoing balancing act for many IT departments. IDC believes a hybrid solution can provide a higher degree of protection for all of the aforementioned threats as well as cost savings. While hosted services are not a substitute for on-premises security, they can reduce the load on the network, protect against downloaded applications that can damage PC system images, and prevent access to malicious content. While these are software dollar savings, these factors reduce the pressure on IT staffs.
Q. What are the benefits of using one vendor for a hybrid approach to email security and DLP?
A. Using a hybrid security solution can help lower TCO. A single vendor can typically offer a total price for an integrated solution that is lower than the sum of list prices for each component purchased from different vendors. There are also hidden costs to consider, such as the need to manage and renew multiple licenses, often at different times of the year. While renewals may not be an issue if organizations choose to purchase the solutions at the same time, the management of multiple security products could be costing an organization in administration overhead, as well as the IT administration staff’s time. Moreover, a single policy framework and single administration console can lower costs by simplifying
administration and reducing the risk of policy gaps.
Additionally, using a single vendor’s products will result in lowered internal support and training costs because staff need to be trained on only one product. Using a single vendor can also help reduce the practice of multiple vendors pointing fingers at one another when problems arise, such as a serious virus infection or major data breach. A single vendor would serve as the "one throat to choke" should something go wrong. For small and medium-sized companies, as well as branch operations, hosted messaging security can provide a single mechanism with a single policy that reduces the need for messaging security expertise at the local site. IDC believes corporations of all sizes will increasingly look for security solutions from a single vendor that can address cost and security concerns equally.
|
