It is not exactly news that most security controls, particularly those that are traditionally thought of as network-centric ones (versus endpoint-centric ones), are moving to the cloud. Many think that this is occurring because of the massive economies-of-scale enabled by cloud providers’ multi-tenancy architectures, the shifting of hardware and software deployment, upgrading, and administration from the customer to the cloud provider, or the elimination of costly data centre real estate and its associated operating costs for customer organisations. Others think that the shift is due to the security staffing economies-of-scale that are inherent with cloud providers versus typical organisations. Of course, these are all important factors driving the move of security to the cloud, but these miss a key value sleeper; the network effect.
A key value of moving ones’ security controls to the cloud is the massive security centric network effect that can be more easily gleaned when one is simultaneously hosting security for tens-of-thousands of global organisations. This security network effect shows up in two related ways: firstly, as attackers shift their tools and tactics, as they are continuously doing, cloud service providers that can effectively pull early warning data from their systems and combine it with a multitude of external intelligence sources, can very quickly detect the attackers’ new tactics and make content changes to better defend against them. Literally, the whole network of customers benefits from the discovery of a new attack type that even hits just one member of the network.
There is a second security network effect that can be leveraged by cloud security providers. Detecting and blocking some new attacker tools and tactics can sometimes go beyond needing just changes to security content, they require new security functionality. Because the development and deployment of cloud services differ radically from traditional software or appliance-based development models – usually in the form of DevOps – cloud service providers can build and deploy new functionality with relative ease and speed. No need to wait for twice-yearly software releases. And once the new functionality is available, it can be made available to every customer, globally and immediately. Another form of the security network effect of cloud security service providers in action!
Of course, being a cloud security service provider since our founding in 2003 gives Mimecast a great perch from which to leverage these network effects daily. A recent example of the new feature network effect in action are the recently released new capabilities in our Target Threat Protection services.