Cloud Web and Email Security

Cloud-based security. Is it right for your company's web and email systems? What are the options? On-Premises Cloud Solution You buy, installI, configure and maintain all the hardware and software you require for your gateway email and web security. You pay a service provider a recurring fee and use their email and web security infrastructure. For web security, you may need to deploy some software. You will own the infrastructure which will typically be a capital expense and you will have ongoing maintenance costs to consider. The cost is usually quoted on a per-user, per-month basis and you are unlikely to incur any capital expenditure. How does cloud-based security work? Similar to on-premises products but you re-route all your inbound and outbound email and web traffic through a service provider's data centers, where your policy is applied. Targeted attacks global average per day: 116 Your provider's security infrastructure is like an extension of your network. In 2012, approximately 23% of email malware contained a URL rather than an attachment Source: Symantec Internet Security Threat Report Volume 18 What's important? Weigh up the cloud merits and cautions against your requirements. Merits 37% I.T. Environment & Infrastructure of data breaches • Reduce data center costs are caused by a malicious or • Secure a distributed network across many branch offices criminal attack. A strong security posture is the highest rated factor that reduces the per capita cost of a data breach Protect and enforce AUP for mobile workforce Flexibility & Cost of ownership Source: Ponemon Cost • Predictable per-user costs of a Data Breach report • Easily scales to meet changing needs • Little maintenance frees staff for other tasks • No additional cost for high availability Cautions Security & Regulatory • Quickly address all of your privacy concerns 50% of targeted attacks are • Guarantee the security posture of the infrastructure • Ensure all data is stored in a specific country destined for businesses with • Enforce a DLP policy before data leaves your network less than 2500 employees. Web based Granular Functionality attacks increased 30% • Exact same functionality as on-premises products Source: Symantec Internet Security Threat Report Volume 18 • Deep integration with directories for policy enforcement • Integration with enterprise DLP solutions • Indefinite retention of reporting data and logs Cloud Security Implementation Checklist Do you prefer a capital or operating expense? Are you in a highly regulated industry? Do your staff have time to maintain and manage the solution? Do you want to integrate mail and web O security with an existing enterprise DLP solution? O Do you have many branch offices and roaming users? What to look for in a Cloud Security Service Meaningful service level agreements backed by financial remedies For web security, local data centers near to your points of presence to minimize latency – and backed by a latency SLA O Service Provider should be transparent in areas such as physical security, data privacy, change control, operational security and ideally certified ISO 27001 compliant Security is paramount so a security pedigree is important – services should be backed by virus protection SLAS Easy management, control of policy and reporting Highly available data centers across multiple geographies to support a 100% availability SLA OSymantec.