I am fortunate to speak to customers, security professionals and thought leaders every day. Although they all articulate their security challenges differently, the root problems are often the same.
But those solutions too often rely on imposing strict controls that create friction among the workforce and inhibit the company’s business operations. Increasingly opaque perimeters, the sophistication of cyber threats and the velocity of business operations all contribute to a security team’s challenge in how to effectively design and implement controls that enable rather than inhibit business operations.
Add the prospect of cloud computing to these challenges and it’s not difficult to understand why security is one of the principal factors inhibiting the adoption of cloud technologies. Cloud computing creates opportunity and can transform businesses in powerful and revolutionary ways, but if we fail to change our thinking on security controls, we will fail to realize the true power and opportunity of the cloud.
Rackspace Chief Security Officer Brian Kelly is a man with many stories. Armed with countless metaphors, analogies and anecdotes, he always has a unique way to get his point across. Clearly conscious of the preconception that security teams are comprised of authoritarian figures who waggle their fingers at naughty employees when they download something they shouldn’t or exasperated business leaders who have shelved one too many good ideas after being told ‘no’ by their security teams, Brian has using the following analogy:
‘Back in the day of the Ford Model T, despite the transformational power of this new invention, drivers quickly became frustrated at the slow speed of these first generation vehicles. One could walk almost as fast as they could drive. But slow speed was a necessity, given there was no way to slow and stop the vehicle — that is, until someone invented the control we know today as “brakes.”
It’s counter-intuitive, but brakes were invented to enable cars to go faster. Security should be the same. Properly designed and implemented security controls allow businesses to go faster and further while reducing any unnecessary risk.’
It’s a strong analogy. Security, like every other part of business, must evolve in order to take advantage of the opportunities new business models and technological advances provide. To evolve requires a change of perspective. Security must be seen as an enabler of business, not an IT problem to be solved.
It’s just one of many levers at management’s disposal to solve today’s business problems. Forward-thinking businesses are not viewing security as a reason to avoid the cloud. Instead, they see the possibilities to harness the cloud for more agile and effective security, propelling the business to new heights. These same businesses understand the power of hybrid and multi-cloud architectures, but appreciate how the security fabric is woven across these environments to manage risk, while empowering progress. I’ve found myself extending Brian’s analogy to help me explain the role of Rackspace Managed Security in the hybrid and multi-cloud environments our customers are leveraging.
Today’s cars do more than travel at higher speeds. They must be fuel efficient, multi-terrain and capable of interacting with satellites, computers and leading edge technology. Today’s braking systems are necessarily capable of so much more than they were in the past; anti-lock brakes were just the start. Modern cars use brakes that treat each wheel independently, adjust to the road conditions, even apply themselves in an intelligent way when the driver’s reaction times are not sufficient to prevent an accident.
If we think of the car as the business, then ‘cloud’ is the fuel injected, cost efficient, super charged engine that provides rapid acceleration when speed is critical, unrivaled miles per gallon when efficiency is paramount and versatility when agility is key.
So security, too, must evolve beyond slowing down a business, applying itself in intelligent ways that reduces risk by actively detecting and responding to security events without hindering a business’ ability to evolve with speed and agility.
The view that security and compliance are core problems in the cloud is beginning to give way to the realization that organizations can be safer in the cloud. Security solutions in the cloud are too often rehashed versions of the old strategies and technologies, forklifted unwillingly into a challenging multi-cloud environment. I’m sympathetic, driving around in my old Camry, its spongy brakes making it difficult for me to imagine those brakes being effective in much faster and more powerful vehicle.
Forklifting business solutions, designed for traditional infrastructure, is common. But it’s not the right approach and often brings the problems from the legacy environment into the new one. A legacy security operation that seeks to artificially impose yesterday’s concept of perimeters and control across a multi-cloud environment will fail. Forward thinking businesses have the opportunity to harness ‘born in the cloud security solutions’ which provide expansive visibility and context; armed with the agility provided by the cloud, to respond faster and more effectively to security events.
Rackspace Managed Security has been designed to allow businesses to confidently take full advantage of the cloud’s promise. It’s built on the principle that preserving business resiliency by intelligently understanding data and guarding it with maximum visibility and proactive rapid response, will provide the business with the ability to manage risk and go on making sure that no accidents happen.