Cloud security and compliance services - Enforcement and management
The Challenge
Whilst interest in ‘cloud’ continues unabated, turning interest into revenue is proving more difficult for many Cloud Service Providers (CSPs). In order for organisations to move computing resources and applications to the cloud, the value of doing so must exceed the risk. The risks of cloud migration are largely captured in one word — “security.” According to a recent Forrester Whitepaper over 50% of organisations considering cloud computing are not adopting because security is their primary concern. Data protection, system integrity, access control and application security present fresh challenges for CSPs, going way beyond the one-dimensional security standards focussed on system availability adopted by many providers today.
End-user IT environments are increasingly subject to strict compliance regimes put in place by industry watch-dogs. CSPs will soon be expected to confront this challenge and allay customer fears over how Cloud Services will maintain their compliance and deal with confidentiality and integrity issues. To move compute resources into the cloud customers will expect clear evidence of robust processes and reporting around these regulatory requirements.
|
“This shift, from security in the cloud to security of the cloud, marks the beginning of a significant and sustained transformation for the IT security and cloud services market” Forrester |
Consequently, CSPs must go further than ever before to demonstrate for customers the steps they have taken to secure their infrastructure and data. This involves a detailed mix of technology and process.
The Security Paradigm – today CSPs are really only partially addressing the ‘Availability’ element of providing secure services.
Those providers who seize the initiative, building secure, auditable cloud services, addressing security concerns on every level will be well positioned to ‘on-board’ customers faster, accelerate revenues and differentiate their services.
To build this level of security and auditability into their infrastructure, there are significant advantages to CSPs developing new partnerships with specialist security providers and out-tasking the responsibility for securing end-user services.
Having worked with a number of CSPs we have put our knowledge of the security challenges faced by these organisations into a new portfolio of services to help forward thinking CSPs embed comprehensive security and compliance into their services or as an add-on protection for customers.
What is Zepko Cloud Security & Compliance?
|
At a glance:
|
Zepko Cloud Security and Compliance is an appliance-based cloud service for CSPs who want to improve their security and compliance status as an enabler to win and grow new customer business. Whilst eventually, this will become common place, in the short to medium-term differentiating in this way may also provide CSPs with an additional revenue stream.
Our services address the critical dimensions of security and compliance, augmenting security as a process not an event:
Discover where IT risk exists including where data resides within the customers infrastructure, who has access privileges, when it was last accessed and by whom.
Protect data and the network to mitigate IT risk. Protection of sensitive data when in transit and /or in use.
Monitor and Respond to existing and emerging IT risk. Security Incident Management provides log management and analysis plus forensic analysis and security audit trails.
Enforce policy and Compliance. Produce evidential output that IT risk is being managed effectively via reports, alerts and dashboards designed to support customer compliance regime(s) along with service–based and application performance metrics.
Designed as an easy-to-access suite of security and compliance services, simply customise from our pick list of options. All services are delivered in in real-time and can quickly be ‘added’ for existing customers or as new customers are acquired.
- Operated from a secure ISO-accredited facility
- Powered by best-in-class IT security technologies
- Serviced by an expert back-end security operations team
- Flexible and integrated delivery model (MSS/Co-Lo/Cloud)
- Straightforward menu-driven packages
- Choice of options to meet your specific requirements
Importantly, the services are built to be acquired as modules to easily come together with a CSPs existing investment in security infrastructure.
Modules can be deployed as required or as part of one of our simple packages intended to meet specific security challenges.
Entry – Providing the first layer of monitoring necessary for Log Management, Incident Management and Risk Management.
Intermediate –Protection through policy based enforcement, monitoring of risk, and evidential customer compliance.
Advanced – End-to-end security and compliance management. From on-going discovery and control of sensitive data to policy based enforcement, threat monitoring and auditable compliance.
Deployment Scenarios
Our security services are tailor-made for a range of deployment scenario’s, offering CSPs the freedom to enhance protection to customers instantly:
- New customers with concerns over security vulnerability before migrating to the cloud
- Existing customers where governance compliance is important or essential and services to support this will be seen as a valuable tool
- New or existing customers who want reassurance surrounding cross-contamination of data and systems on a shared platform
- Use as a 'healthcheck' service to provide point-in-time system audits, potentially presenting new revenue streams
- Small to medium customers who will want to move to the cloud early and require flexible, reliable services
Benefits
Cheaper
- More cost effective – only pay for services as you win new customers
- No capital outlay on security technologies
Faster
- Reduced time to business as usual state for new customers
- Technology refresh and upgrades via planned service enhancements
Better
- Non-core activity – remove overhead of building a security practice
- Can integrate into existing general IT NOC/ITSM/Helpdesk function
- Cloud providers need to utilise specialists who can cover security and compliance using most effective use of best of breed technologies to provide a secure virtual environment
Flexible Cost Model
Thanks to the way our services are delivered CSPs can choose between cost models including:
Per Server – Fixed cost for every server managed and monitored
Log Volume - Cost per security/incident log reported and managed in the environment
We are examining new cost models all the time such is the emerging nature of cloud services. Therefore, CSPs wishing to propose alternative cost models are encouraged to think creatively and get in touch.
Our Approach
We have built our reputation on exceptional customer service and excellence in the security and compliance arena. We have relationships with a portfolio of world-class vendors and build our solutions on our proven delivery models to dramatically de-risk service delivery.
Many of our services are now delivered through the cloud. This elastic service model enables us to provide total security to our customers in a cost-effective way that scales as they do and evolves with the threats and challenges facing our customers.
Find Out More
If you’re a CSP interested in exploring how our Cloud Security and Compliance Services might enhance your services get in touch.
In the meantime contact us on 0845 0740790 or email cloud-security-services@zepko.com