High-profile data security breaches, such as Target’s infamous holiday-season fiasco and the most recent eBay break-in, bring the issue of security to public attention, but thousands of non-household-name enterprises struggle with the security of their IT infrastructure every day.
Cloud infrastructure services have created an opportunity for service providers to offer security management as part of their proposition to enterprise customers. Most of these providers turn to partners who specialize in security to gain such capabilities.
The latest example is Latisys, an Infrastructure-as-a-Service-oriented provider that has teamed up with Alchemy Security and AlienVault to beef up its security software suite for clients. Alchemy provides the core security brains, while AlienVault provides real-time threat data, all consolidated under Latisys’ Threat and Compliance Management Services.
Wendy Nather, security research director at 451 Research, said such partnerships were a wise thing to do for companies for whom security was not a core competency. “Latisys is really smart to bring on Managed Security Services Provider security consultancy like Alchemy because it’s very hard and human-resource intensive to build this,” she said.
Making security real-time
Latisys has offered a lot of standard firewall, VPN intrusion detection and prevention services and has had a relationship with Alert Logic, provider of security solutions for cloud and hosting services. Autumn Salama, director of solutions management at Latisys, said the new partnership brings in an event correlation engine that was not available to the company’s customers before, however.
“There’s a lot of stuff out there that just checks the box,” Salama said. “Security is a lot more than that. The importance of a holistic solution and bringing it all back together and layering the expertise atop of that is important. The customer doesn’t have to do the monitoring if they don’t want to. They’re using industry-recognized technology, and Alchemy is running that stuff for the customer and they can monitor it too.”
No good checklist for security
Nather said just about every company was trying to figure out exactly what level of security they needed. “There isn’t a good checklist except for PCI (Payment Card Industry Data Security Standard), so many are turning that into a checklist.
“One bump in the road that service providers and MSSPs understand is that they can only do so much to secure customers. Half of the security is how they use the technology. If they’re patching, the provider can’t do much about it if they get breached.”