Cloud security: “It’s not just about what or where”
Cloud services are also gaining ground in the cybersecurity sector. In this interview, Christoph Koch, CEO of United Security Providers, explains where security as a service makes sense, what speaks in favor of the services and what to look out for.
November 14, 2024
“Swiss IT Magazine”: Mr. Koch, for which companies is cloud or security as a service actually suitable? Would you always advise your customers in this direction or are there any restrictions?
Christoph Koch: Security as a Service helps all companies that do not want to operate their own complex infrastructure with multiple network and security solutions or that want to move away from too many security solutions from a wide range of service providers. Many of these companies also lack the necessary specialists and know-how to maintain their own operations. Such customers are looking for uniform security guidelines for their users and all company locations. Secure, service-oriented offerings with global reach, self-service and the agility of the cloud meet these requirements. And these offerings are mostly cloud-based, providing consistent security across the entire network while offloading day-to-day management tasks – such as capacity planning, software upgrades, operational complexity – or hidden costs to the service provider.
Which security solutions can be sensibly obtained from the cloud – and where does it make sense to continue to rely on on-prem operation?
In my opinion, it is mainly regulatory and statutory data protection requirements that demand the in-house operation of an on-prem infrastructure. If an IT landscape does not change over many months, i.e. a simple and static application that undergoes few adjustments and performance scaling over time – such as on Black Friday – an on-prem infrastructure can even be operated more cost-effectively than a cloud service from a business case perspective. For most requirements, however, cloud-based or hybrid forms are an option.
And what, in your view, are the most important arguments in favor of switching to security in the as-a-service model?
Switching to Security as a Service offers several key advantages: Firstly, it helps to counteract the skills shortage, as companies can access external expertise and specialized security solutions without having to hire expensive and hard-to-recruit specialists themselves. Secondly, the complexity of managing and maintaining security systems is reduced as they are centrally managed and updated by specialized providers. Thirdly, the switch reduces cost pressures as companies do not need to invest in expensive infrastructure and can instead pay for security services as and when they are needed. Finally, the switch from capex to opex – i.e. from capital expenditure to operating expenditure – enables a more flexible and predictable cost structure, which is particularly attractive for growth-oriented companies.