Security technology was viewed like tax - nobody wanted to pay for it, says Vormetric CEO

Alan Kessler tells Computing attitudes to security have changed, and it's now seen as an enabler rather than a hindrance

Security technology used to be seen as a business burden like tax, but the perception of it has shifted to such an extent that budgeting for proper protection against cyber threats is now viewed as a business enabler.

That's according to Alan Kessler, CEO of data security and encryption solution provider Vormetric, who made the comments in an interview with Computing. Kessler argued that one of the main reasons behind the shift in perception is the uptake of enterprise cloud computing.

"It's largely motivated by organisations that are embracing new models of computing, in particular what's happening with cloud computing," he said, going on to suggest security solutions were seen as something organisations were "forced" to invest in.

"Security technology has traditionally been viewed as a tax; nobody wants to pay the tax, they're paying the tax because someone or something is forcing them to do it."

However, Kessler (pictured) told Computing that through the use of the correct security technology, organisations are able to reap benefits from deploying cloud-based software.

"But with cloud computing, for the first time, the economics are such that you can save so much money and gain flexibility and advantage by moving to the cloud that security is no longer a tax, it's an enabler," he said.

"It can help make something positive happen by employing the right technology – like encryption - that you can bring with you to the cloud and help you advance the business or organisation forward," Kessler added.

Encryption is a key word for Vormetric, with the firm offering customers the opportunity to "bring their own encryption" (BYOE), allowing them to take advantage of the benefits of cloud services, but use a product to encrypt sensitive data stored within it, thus reducing the probability of potential data loss should the cloud provider's servers be breached.

Kessler told Computing that BYOE has therefore been popular with existing customers who want to take advantage of the flexibility offered by cloud, while ensuring that data remains secure.

"Often they may have traditionally started with us with protected information in their four walls, they may have had compliance mandates to protect data in their networks," he said.

Now they want to move their data into the cloud and they want to use technology they trust with a single management point of control for that information," Kessler continued. "They can bring their own encryption, use the same management tools to control the data in someone else's cloud infrastructure as well as on their own premise."

When Computing asked if cloud providers such as Google, Amazon and Apple – the latter recently involved in a breach which saw celebrities' private photos exposed – could be going more to provide security, Kessler responded: "Certainly there's always more that your third-party vendor can do."

However, he also suggested that perhaps it is more important for cloud providers to properly inform their users about what they do – and don't do – when it comes to storing and protecting the data of businesses or individuals.

"I think for the big cloud providers, being clear about what they do and don't do is in itself a service. Because some individuals may presume certain levels of protection by moving information to a cloud provide," he said.

"Yet having an appreciation of what they do and what they'll contractually obligate they do is something that should be understood," he concluded.

Earlier this year, Vormetric research suggested fewer than one in 10 IT decision makers feel that their organisation is safe from "insider threats", with "privileged users" such as system or network administrators felt to be the biggest threat to the enterprise.