I am not quite sure when exactly it happened, but over the past five years, the obligatory “in-house” data center painfully maintained by thousands of mid-sized organizations became a relic of the past.
Starting with AWS an entire industry emerged to sell the basic plumbing of IT infrastructure to Corporate America the way that utilities sell power to homeowners.
Since that time, innovation in the cloud space has moved at a breakneck pace, giving rise to cloud computing platforms providing “for rent” computing systems and network transport operated by Amazon, Microsoft, Google, and now several other would-be players like Dell and Oracle. I doubt, dear reader, that I am telling you anything you did not already know.
Here is the part you may not have thought much about. In selling their wares to larger and larger companies, cloud platform providers ran into what salespeople refer to as a “blocker.” Corporate buyers looked for demonstrable evidence that private tenant environments housed in the cloud were actually private.
This was problematic. How do you prove that a tenant’s IT environment is truly private?
To put a finer point on the problem, how do you “prove” that the other tenants and the landlord have no means of access? The answer is that (with 100% certainty) you can’t.
The cloud providers were forced to come up with the next best thing. They began building into their platforms, at nominal additional cost, the ability for tenants to prove it to themselves on a continuous basis.
This is how, for the first time, basic security tools became a part of the baseline plumbing of the cloud. All of a sudden, configurable services for authentication, log aggregation, vulnerability scanning, anti-malware, security alerting, proxies, and network segmentation became as commonplace as servers and bandwidth.
Since proof is a qualitatively experienced IT staff, there is a catch. These services must be configured and each cloud tenant has different requirements.
So why are we off on this tangent? It turns out that the addition of security services as basic plumbing of the cloud has provided an alternative solution to the many security challenges of today’s mainstream businesses.
Faced previously with the challenge of stitching together expensive security systems, mid-sized enterprises were dissuaded from proactively improving their security posture and typically waited until they had active breaches to do so.
With the frequency of such security incidents rising rapidly, cloud-based solutions came just in time. Not only do they provide mid-sized businesses with previously unavailable access security products, but they slash the cost of systems integration.
Recently, Google Cloud purchased security provider Mandient, and with it, the premier Fireeye EDR product. If this is any indication of the types of security services that cloud providers plan to offer, the future of integrated and cost-effective security solutions for the cloud looks sunny.