Cybersecurity has evolved quickly over the past several years as companies scramble to keep up with the massive influx of new cyber threats and threat actors. This, in addition to the unwavering growth of the cloud, has spawned new approaches to cybersecurity, especially in the form of integration of once-disparate technologies.
The resulting convergence is blurring the line in the way cybersecurity is delivered and not everyone is prepared. Many enterprises still assess cybersecurity solutions on their individual strengths using best-of-breed assessment to protect their organization. Frost & Sullivan views the industry progressing in two main ways: 1) through solution bundling and delivery through the cloud and 2) tight integration with a platform approach.
Bundling of products is not new—companies are always trying to cross-sell or upsell complementary products. The cloud has helped in this endeavor as cloud-based deployments are usually sold as-a-service, mitigating difficulties associated with configuring and setting up multiple appliances onto company systems.
The popularity of the platform strategy is rising quickly, and vendors sell most, if not all, their security from a single platform. This allows customers to add on and manage a host of security products within a single pane of glass, tremendously simplifying processes and allowing for deeper insights. Distilled to their core attributes, security platforms allow for consistency in control and management, visibility into the attack landscape and promote collaboration through openness.
What is Integrated Cloud Security?
One way security vendors achieve both forms of convergence is through Integrated Cloud Security. Integrated Cloud Security is the bundling and delivery of multiple synergistic security and networking technologies in a single cloud platform, which is often called Secure Access Service Edge (SASE) in the industry. Integrated Cloud Security is also a natural choice for enterprises seeking a zero-trust approach to their networks and security as the latter is a core component of the former.
With the adoption of Integrated Cloud Security:
- Enterprises automatically receive an integrated portfolio of several security products traditionally sold as standalones, such as Secure Web Gateways and VPNs, with similar levels of performance.
- The management of one’s enterprise security is simplified because those capabilities included in Integrated Cloud Security will be centralized in a single console.
- Enterprises get unparalleled visibility into threats, security preparedness, and vulnerabilities through the single platform approach. Integration and the cloud independently create scalability.
Taken together, Integrated Cloud Security creates an environment where enterprises can scale security to branch locations and supplemental users much more efficiently and painlessly.
Confusion Surrounding Integrated Cloud Security
At present, there is no single industry approach to which technologies are included as vendors interpret these differently, although SWG, SD-WAN, DLP, CASB, VPN, and NGFW are commonly included.
Integrated Cloud Security has grown quickly in developed countries because it fulfills not only the desire for enterprises to bolster their defenses but also because it directly supports the simultaneous WAN transformation trend that is being seen in the market. Integrated Cloud Security can also lead to cost savings, scalability, and better performance due to decreased overhead, the as-a-service model in which it is sold, converged security capabilities, and zero trust.
In Asia-Pacific, Integrated Cloud Security is a nascent approach with an equally small base, but it has the potential to grow quickly over the coming years in parallel with the changes being seen in that market. Below are several pull and push factors affecting Integrated Cloud Security adoption in Asia-Pacific.
Asia-Pacific Enterprises Still Favor On-Premise Deployments Overall
In Asia-Pacific, cloud-deployed cybersecurity is a budding market. According to research conducted by Frost & Sullivan, Asia-Pacific corporations prefer to deploy security through appliances/hardware despite the developments in cloud-based solutions over the decade.
Enterprises here take a conservative approach to ownership and prefer to have tight control and visibility over their security measures, especially when concerned with compliance issues. Staff is also usually kept within a defined perimeter. Moreover, data residency laws and unfamiliarity with responsibility in cloud-based models leave enterprises hesitant to adopt, especially since their on-premise security performs well for their current needs.
This has led to a market situation far removed from that of the U.S., where many of the vendors originate. To illustrate, on-premise web security deployments make up almost 90% of all revenues derived from web security solutions in the Asia-Pacific region, according to Frost & Sullivan; that number is closer to 50% in the U.S.
Nevertheless, cloud deployments are growing at a faster rate than on-premise deployments in Asia-Pacific as enterprises gradually become aware of the benefits, although the latter will continue to make up the majority of the market in the short to medium terms.
The Way Enterprises Work is Changing in the Post-Pandemic Marketplace
The changing nature of work has and will continue to impact the viability of traditional deployments in securing remote workers. Remote working has risen to unprecedented levels since the COVID-19 pandemic descended upon us in the first half of 2020. Companies were forced to make arrangements for their employees to work from home as governments imposed strict policies on public movement. Virtually overnight, a large number of office workers began working from their homes out of necessity. In the U.S., at least 16 million workers, or nearly 5% of the population, moved to remote work. The pandemic accelerated the existing trend of moving to remote work that has been ongoing for several years, especially in North America. A recent study by Microsoft on its remote workforce shows the lasting impacts this move has had on the way employers and employees view work. The company’s employees saw workweeks expand as they sought to juggle their work and home duties within the same premises. Unsurprisingly, the utility of online communication and collaboration has intensified during this period. In the same study, Microsoft managers saw a doubling of call durations in its China offices.
Due to this sudden change in their work environment, enterprises had to seriously consider cloud-based cybersecurity solutions because it was the only way to adequately scale cybersecurity to their entire remote workforce in such a short time. As remote work continues to expand, Integrated Cloud Security will become more viable as it solves both deployment and security coverage issues.
Cybersecurity Expertise is Still Lacking, So Integrated Solutions are More Important
The chronic lack of cybersecurity expertise in an increasingly hostile threat environment has pushed enterprises to find ways to bridge the gap in their security with fewer people. In their search, companies may find Integrated Cloud Security to be a promising option as it can potentially decrease the overhead and complexity needed to keep it running while providing a wide breadth of coverage. Finally, there’s the issue of best-of-breed versus completeness of integration. The best-of-breed approach usually entails sourcing security products from various, disparate vendors, while integration means companies will have the option to select from only one or two providers with tighter integration among the solutions. On the one hand, the best-of-breed approach requires significantly more work to integrate as the individual products are not typically designed to work together. On the other, the integrated approach entails sourcing numerous security capabilities from a few vendors—even if they aren’t the best in each particular capability. Enterprises will have to determine how both approaches stack up to their security needs.
Key Considerations When Thinking About Integrated Cloud Security
Frost & Sullivan aims to dispel the confusion about the definition and components of Integrated Cloud Security and to shed light on the drivers and restraints it faces in the Asia-Pacific market. This new approach to cybersecurity is a result of the transformation in how cybersecurity is being perceived from both vendor and end-user points of view, particularly toward the viability of integration and cloud-native security. Enterprises should evaluate if Integrated Cloud Security is right for them and consider the following:
- Should your enterprise start considering cloud-based security if it hasn’t done so already?
- How is your remote workforce changing the way security is handled in your enterprise?
- How do you weigh the pros and cons of best-of-breed security versus integrated security?
- What are the key concerns for your enterprise in adopting cloud-based security?
- Is your cybersecurity staff prepared for the shift to a cloud-native approach?