Archive for the ‘Cloud Compliance’ Category

Moving to cloud-based SIEM: the cost advantage

June 17th, 2020 No comments

Companies weigh multiple factors in any technology implementation, balancing risks with business needs and IT capabilities. And while the same is true with cloud-based security information and event management (SIEM) solutions, cost overwhelmingly shapes the discussion as well.

For example, according to new IDG research among 300 IT and security leaders, the top outcomes respondents expect by switching to cloud-based SIEM include:

  • Forty percent—lower staffing costs.
  • Forty percent—lower operational expenses (OpEx).
  • Thirty-four percent—lower capital expenses (CapEx).

“If you look at it on the surface, the cloud is more expensive than on-premises. But you have to factor in the soft costs…” said one technology services CIO. In fact, for this CIO and his company, it no longer made sense to continue running traditional on-premises SIEM in his datacenter.

“It was very hard to continue to expand,” he explained. “It wasn’t super cost effective. It was pushing our bandwidth. Managing it internally required skillsets that I wouldn’t need with a cloud-based implementation.”

This blog will summarize some of the key findings in a new IDG report published by Microsoft Azure. You can learn about additional challenges to security operations teams by reading the IDG report: SIEM Shift: How the Cloud is Transforming Security Operations.

Unmasking cost factors

All those soft costs add up. IDG found that cloud-based SIEM users spend, on average, $541,000 per year to support their solution, while on-premises companies are averaging $607,000.

Traditional on-premises SIEM users reported higher costs across the board—including for licensing, maintenance, software, and staffing expenditures. They were also more likely to cite hidden costs associated with supporting their on-premises solutions, including:

  • Staffing/training SIEM analysts.
  • Initial purchase/licensing costs.
  • Integration of data sources.

On the other hand, respondents using cloud-based SIEM solutions are focused on finding further efficiencies. For example, they’re automating operations at nearly double the rate of on-premises users. They’ve discovered that by shifting these tasks to an automated cloud solution, personnel can focus on more strategic initiatives.

Following a transition to cloud-based SIEM, “Nobody lost their job,” said one senior solutions architect for a telecom company. In fact, those workers who originally supported the on-premises solution were retrained and moved into DevOps, he said.

The bottom line

On-premises SIEM users are 11 percent more likely than cloud-based implementers to cite total cost of ownership as an existing challenge, according to IDG. As data volumes continue to grow, managing total cost of ownership (TCO) for traditional SIEM can become unwieldy. Infrastructure expenses will increase, right along with the staffing needs to support the solution.

“When you look at total cost of ownership, the cloud SIEM model becomes very attractive,” said Bob Bragdon, Senior Vice President and Publisher, CSO. “Particularly in terms of not having to build out and maintain a supporting infrastructure. When you can push that to the cloud and move from a CapEx model to an OpEx model, the financial dynamics shift considerably.”

Learn about other areas where on-premises and cloud-based SIEM like Azure Sentinel measure up by reading the IDG report: SIEM Shift: How the Cloud is Transforming Security Operations.

Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on Twitter: @MSFTSecurity for the latest news and updates on cybersecurity.

The post Moving to cloud-based SIEM: the cost advantage appeared first on Microsoft Security.

Transparency & Trust in the Cloud Series: Kansas City, St. Louis, Minneapolis

March 5th, 2015 No comments

Over the last few months, Microsoft has hosted a series of events to bring together Chief Information Officers (CIO) and their legal counsels, Chief Information Security Officers (CISO), as well as IT operations leaders from enterprises in cities across the US. These “Transparency & Trust in the Cloud” events aim to highlight and discuss the security, privacy, compliance, and transparency capabilities of Microsoft’s cloud services.

Recently, I was given the opportunity to attend and speak at those in Kansas City, St. Louis, and Minneapolis. I was also able speak directly with many enterprise customers in each city. I was joined by other Microsoft cloud subject matter experts, where together, we answered a range of technology, business process, and legal questions that attendees had—and believe me, they had some well-thought, complex questions!

For example, in Kansas City, attendees asked about service level agreements and were provided with the Microsoft perspective by our Assistant General Counsel, Dennis Garcia. In St. Louis, we were asked about Microsoft’s own journey to move workloads and applications from on premise to the cloud. Ryan Reed, from Microsoft IT, has been doing this work at Microsoft for some time, and shared architectural and development considerations with the audience. Enterprise customers in Minneapolis asked questions ranging from eDiscovery to security incident notifications, to the right to audit, to protecting sensitive healthcare information. These discussions are also extremely helpful to us, at Microsoft, to better understand which topics are top of mind for enterprise customers who are evaluating the use of or adopting cloud services.

I would like to again thank those customers who attended these events. Thank-you!

More meetings like these have been scheduled in different cities across the country. If you are a CIO, CISO, legal counsel, or operations leader for an enterprise organization and would like to learn more about the Microsoft approach to building the industry’s most trustworthy cloud, please reach out to your account team to inquire.

I’m looking forward to meeting more customers and having deeper discussions on trust and transparency in the cloud in the coming weeks.

CISO Perspectives on Compliance in the Cloud

September 9th, 2013 No comments

Regulatory compliance is a hot topic among many of the customers I talk to. Of particular interest is compliance as it relates to the cloud. It is a challenging topic and there are many regulations that Chief Information Security Officers (CISOs) need to be aware of and adhere to and these can vary significantly by industry and location.

Today Trustworthy Computing is releasing an executive level article providing insight on the challenges, success factors and potential solutions of compliance from CISOs representing some of the world’s largest organizations. Our aim is to share and highlight some of the key things that other CISOs and information and security risk specialists might want to consider in relation to the topic of compliance.  Read more

…(read more)