Security: A Perspective On Costs

There once was a common misconception with cloud computing that it was inherently less secure than traditional approaches. This cynicism was due largely to the fact that the approach itself was disconcerting to the initiate, with your data stored on servers and systems over which you had no control. However, security professionals soon came to realise that the physical location of your data matters much less than the means of accessing it. This was just one of the many elements to consider for those migrating their security from applications deployed on general servers to dedicated cloud-based security, but no longer one as prevalent as the cost implications of such a transition. In their September newsletter, cybersecurity company and GMS partner, Cyren, have explored the tenability of this in terms of economical value for total cost of ownership (TCO), not just the cost of acquisition  – their findings are illuminating to say the least.

As with any assessment of costs, budgeting is a key aspect. Purchasing appliances can often be financially circuitous, mainly because it involves the implementation of a structure for the various hardware and software licensing components. Cloud security however is, as Cyren themselves proclaim: “A single, predictable fee per user”. This just means that there’s no complication or hindrance for budgeting, sizing, location, or potential future scalability. The latter, in particular, is certainly something IT security gurus ought to take into account given the constantly shifting environment of cybercrime, which we looked into in a post last month. Simply put, your cloud security provider owns and maintains the infrastructure, taking care to scale it as threats change and develop.

This rather aptly brings us on to the stage at which an appliance will need replacing. It may be that the device has failed, is no longer working to standard, or is simply no longer supported by the vendor. If this is the case, it can be quite the drain on time and resources to fix or re-deploy. Cloud security subverts this because the provider would be responsible for software updates, hardware refreshes and capacity planning which would mean the need to support an end-of-life system would be surplus to requirements, allowing you to focus on business productivity, not maintenance and finances.

The final piece in the puzzle is how the processes of cloud security itself measure up to in-house security appliances, and why costs remain relevant to this. Much of it comes down to infrastructure and maintenance of course, but we must also consider bandwidth. Traditional security appliances will receive emails, process them and either forward them to your email server or store them in quarantine. This is all well and good, but Cyren point out that it’s a waste of bandwidth if spam is still sitting in your network post-filtering. Cloud security meanwhile processes and filters malware, before it reaches your network, all the while learning as much as possible from these threats in order to protect you from any future, more advanced iterations. So why’s it more cost-effective? Because bandwidth is expensive and you will spend less time and effort cultivating it against maturing cyber attacks.

The overall point to take home from Cyren’s findings is that when considering TCO, cloud security triumphs by a 70%-80% savings landslide. This doesn’t even take into account the benefits of fast implementation, flexibility or the need for hardware procurement. The question over whether you opt for the traditional deployment of security solutions over cloud security may remain a difficult one to answer, but as cybercrime becomes more prominent, it should definitely be up for discussion, particularly now that we know that cloud security can be much more financially solvent.

At GMS we have integrated Cyren’s security solutions with our On Premise and Cloud products for a very simple reason: they are best in class. Through our partnership with Cyren, we can confidently offer the best protection in preventing, mitigating and identifying any manner of viruses and spam delivered by the primary infection vector: email. If you want to learn more about these integrated solutions please visit or