It feels like there continues to be a steady stream of new ransomware outbreaks or threats. Organizations are rightly concerned, and many of them have looked at their cloud security services as well as their traditional ‘best of breed’ security tools to help secure their infrastructure, data, and applications. One question that seems to arise from many companies is how to choose the right security services and tools to best meet to their own security requirements as they move their workloads to the cloud. Rik Turner and Roy Illsley from Omdia recently published a whitepaper, “Built-in versus bolt-on: Where to get your security for the cloud”, which discusses the pros and cons for both the “built-in” and the “bolted-on” security.

Deploying more security services and tools does not necessarily equal better security. In fact, customers now seem to have too many security services and tools to choose from. According to the Oracle and KPMG Cloud Threat Report, on average, organizations are using over 100 cybersecurity tools, with 80% considering consolidating a significant number of their security technologies to a single vendor. Having many non-integrated security tools can be complex to manage and require more security resources. Therefore, as organizations determine their security strategy in the cloud, they need to determine what the right tools are to secure their cloud workloads – the ones which are built-into the cloud, or the security bolted onto the cloud through APIs from ‘best of breed’ providers.

Security built-into the cloud means that it is natively designed as an integral part of the cloud service provider offering. For many providers, built-in security can span from within the architecture to security services that secure data and/or applications. There are advantages in terms of simplicity. When security integration comes as default, it means the enterprise customer can effectively turn on the security function “at the flick of a switch”, as it were, without the need for extensive deployment and integration work from their security team.

Bolted-on security is typically provided by a third-party cybersecurity company and is applicable to specific use case scenarios. Bolted-on security tools can span from firewall to app security services. Some organizations have developed business processes around those use cases when their data was on-premises and kept the security tools even when their data moved to the cloud. For them, bolted-on security from their best of breed security vendors may be welcomed. 

There are benefits and drawbacks to both built-in security from the cloud provider and bolted-on security from a third party security provider. I invite you to download the paper to better understand the benefits and drawbacks of each security deployment type and find out what is right for your organization.