Fortunately, the cloud could help change that. Denver-based ViaWest, a provider of colocation and managed services to mid-sized and enterprise-level businesses, needed a security solution that would streamline compliance efforts for its customers in order to compete in the crowded colo and MSP market.
The company searched for a cloud security tool that would help customers safely store sensitive information, such as credit card data, while streamlining the compliance efforts around those sensitive tasks.
ViaWest adopted StillSecure’s Cloud Security Services Platform, in part due to a specific service: PCI Complete.
“StillSecure’s products are designed to account for the changes many businesses are either struggling with now or will be soon,” said Steve Prather, VP of Strategic Development for ViaWest. “Specifically, how will they achieve PCI compliance in cloud environment? And will they be able to deploy VMs in a way that doesn’t undercut compliance?”
PCI Complete is a managed solution that helps merchants comply with Payment Card Industry Data Security Standard (PCI DSS) provisions. As a PCI DSS-certified data center operator, ViaWest can provide infrastructure services and hosting services that customers know are secure and meet privacy requirements. PCI Complete streamlines compliance through single-button access to PCI-specific reports that prove to auditors and management the IT environment is secure and compliant.
StillSecure intends to roll out other compliance services soon, with a HIPPA compliance service debuting later this year.
Security inevitably trends towards consolidation until some disruptive technology comes along to fragment it yet again. It’s an ongoing, frustrating cycle – but a consistent one.
For IT, consolidated security is a good thing, making daily workflows much easier to manage. In these early days of cloud security, keeping an eye on the big picture is essential. Will your web application firewall, cloud IPS and DLP solution work together? If not, are their management consoles familiar enough that IT doesn’t have to spend an inordinate amount of time switching gears to manage each independently?
One reason that Integral Networks chose Vyatta is that their security/networking OS suite effectively replaces Cisco infrastructures. The Vyatta management consoles are similar enough to Cisco solutions that IT doesn’t have to relearn an entirely new system from scratch.
“Some of our government and education customers have very specific requirements in their RFPs that demand Cisco infrastructure,” Badger of Integral Networks said. “We were able to show feature by feature how Vyatta met or exceeded Cisco functionality. With other solutions, we probably would have lost out on many of those bids.”
Many of ViaWest’s customers are smaller and mid-sized enterprises. In that part of the market, many companies have limited budgets and cobble together various security point products that have little integration.
“An integrated product like StillSecure gives customers a look at the big picture,” Prather said. “There is better threat correlation, better metrics and improved ease of use through a single management interface. Non-integrated solutions don’t give you a complete view of the security landscape, and they lack event correlation. With an integrated product, when three different security components – such as an IPS, firewall and vulnerability scanner – triangulate on an issue, you know it’s a significant problem.”
Businesses flocking to the cloud hope to save money and are disappointed if they don’t. They have similar hopes, of course, when adopting cloud security solutions.
Integral Networks, HCR ManorCare and ViaWest all reported strong ROI numbers.
Integral Networks saved more than $120,000 by switching to Vyatta and away from SonicWall and Cisco. HCR ManorCare said that it instantly lowered its security TCO by nearly $150,000 by switching to Zscaler’s security service, while also experiencing a 40 percent increase in the effectiveness of blocking malicious sites.
ViaWest’s customers save anywhere from $3,000 to $10,000 each year on their compliance efforts, since compliance is streamlined and auditors often are able to forego site visits. Added to that, compliance no longer disrupts workflows the way it did in the past. Multiply those savings across an entire customer base, and total ROI adds up impressively.
Each of the end users I talked to also mentioned a range of “soft” benefits, which don’t translate as easily into ROI numbers. Flexibility, agility, and the ability to outsource critical security functions to experts and away from general IT staff are benefits that don’t show up in an ROI report, but they’re every bit as important.