Recent research has revealed that Australian businesses are among the world’s leaders when it comes to adopting cloud-based IT security solutions, but questions surround the risks of adopting this model.
Australian companies are turning to the cloud to service their IT security needs in increasing numbers, but many are still being held back by the perceived risks of moving away from onsite software and putting their faith in third-party cloud-based solutions. These are the findings of a recent research paper from Frost & Sullivan.
The lengthily titled report, A Strategic Analysis of the ANZ (Australia, New Zealand) Security as a Service Market, found that the Australian ‘security-as-a-service’ market – which includes the delivery of content security services over the public network – grew by 17.2% last year.
“When we say ‘security-as-a-service’, we mean that the security software’s not necessarily on your hardware or on a device in-premise,” explains Andrew Milroy, Frost & Sullivan’s vice president, ICT research, APAC.
“So basically, it’s at the network level where the security’s taking place. Basically, the filtering or antivirus activity is taking place over the internet.”
The report goes on to predict that the ongoing migration from on-premise software to cloud services, amongst smaller businesses in particular, will see the industry continue to grow at a rate of 16.6% per annum over the next four years. In dollar terms, this would increase the value of the Australian security-as-a-service market from $38.4 million to $83 million.
While these figures make for impressive reading, question marks still hang over the risks that Australian business leaders associate with transferring their IT security provisions to the cloud.
Chief among these concerns, as highlighted by the report, is the fear of losing control by outsourcing to a third-party service provider. In other words, executives feel that the risk is higher when IT security is handled off-premise by a third party than when it is overseen onsite with their own machines and staff. “It’s a perception issue really,” says Milroy.
Data sovereignty is also a key issue, with questions being raised about the risk implications of having data stored offshore by a third party.
“If the security-as-a-service vendor has access to some of your content, which it would do in the cloud, there’s a concern that the security process may be taking place outside of the borders of the country that you’re in,” says Milroy. “Sovereignty relates to the country the data resides in, their legal system and so on.”
Large organisations, in particular, are being held back by the potential regulatory impact of relying on the Asian or US-based data centres used by many of the existing security-as-a-service providers, notes the report.
Milroy points out that this is largely a compliance issue, with organisations being concerned that they may fall foul of “ambiguous” regulations surrounding the country in which their data can reside. He notes that data storage regulations aren’t as tough in Australia as they are in other countries, such as Singapore, but concedes that the laws surrounding the relatively recent issue of data residency are subject to change.
“Compliance is becoming more of an issue,” he says. “Regulations may change, so you’ve always got to keep an eye on what they are, and there’s a concern that you may cross the regulator by keeping data offshore.”
The benefits
While the debate rages on about the potential risks of taking to the cloud for IT security, the report notes that the business case for adopting the security-as-a-service model remains strong.
It is claimed that there is a business desire to classify IT expenses as ‘operating’ rather than ‘capital’ expenses. This ensures a more predictable monthly expenditure for organisations along with other benefits such as lower up-front costs, greater standardisation, ease of upgrades and ubiquitous access.
A shortage of qualified IT expertise and in-house security professionals has also been identified as one of the drivers of security-as-a-service uptake, since the delivery and maintenance of the security solution is taken care of by the cloud services provider.
The ability to protect users irrespective of their work location was also highlighted as a benefit of cloud-based security provisions.