OREANDA-NEWS. February 23, 2016. Security is always of special concern to cloud adopters and would-be adopters, for obvious and enduring reasons. Primarily, the cloud forces the enterprise to give up some control of its IT, and that can be unsettling. When respondents to the RightScale 2016 State of the Cloud Report listed their top cloud challenges, 29% named security, making it the second-most cited concern.

Equinix partner Alert Logic specializes in enterprise cloud security. We’ve invited the company to share its expertise at several upcoming Equinix EVOLUTION events, including Tuesday in Silicon Valley, then Thursday in Atlanta and March 1 in Washington D.C. To preview these events, we talked to Alert Logic’s Cyber Security Evangelist Paul Fletcher and Chief Security Evangelist Stephen Coty about how companies can meet evolving security challenges. Paul will be speaking at the EVOLUTION events in Silicon Valley and Atlanta, Stephen in Washington.

What is the basic difference between security in a traditional enterprise and in the cloud?

Stephen: With traditional IT, you are inside your enterprise, you’re managing, you’re monitoring, you have control, or at least you think you’re in control, most of the time. But in the cloud, you have to rely on partnerships outside the enterprise, you can’t control everything, and that can be a tough adjustment. So understanding that the cloud is a shared security model is very, very key for the internal security team to manage their cloud successfully.

What’s a common mistake companies make when they’re working to secure the cloud?

Paul: The biggest mistake I see is that companies lack the vision to reinvest in their people and give them the skills that are needed to be efficient and secure in the cloud. Many companies don’t view the cloud as a new type of technology, or a new type of delivery system, and they assume that the old talent, skills and training system will translate perfectly. That’s a mistake. You have to consider whether you have a team that’s capable and willing to learn new ways to deploy different security features that are available in the cloud, and be ready to invest in your talent. Or you need to consider if it’s smarter to outsource and learn from an organization that’s already doing it, or to bring in a consultant.

What’s something security solutions providers need to bring to the table, to ensure they remain effective as threats evolve?

Stephen: I think one of the biggest things is constant vigilance. At Alert Logic, we offer 24×7 monitoring and a trained analyst is always looking at events and generating incidents. Most organizations don’t have that. Building a security operations center costs millions of dollars and it takes anywhere from 24 to 36 months to do it. And small enterprises don’t have that staff to be watching 24×7. But we can give them that. We can make sure they have someone there all the time, looking for those indicators of compromise, as they are happening. If someone is always watching, you can know within hours, or even minutes, if an incident has happened in your environment. That’s how you get to a resolution faster.

Do you feel like partnering with Equinix gives you and your customers any kind of edge?

Paul: Our growth is heavily dependent on the public cloud platform, with AWS being the primary partner there, so Equinix’s proximity to AWS is huge. It enables us to scale our business more rapidly and deliver services a little bit differently. Also, we’re SaaS-based, and we’re capturing a security event locally in our customer’s environment, encrypting it and sending to our back-end analytics engine for analysis and correlation. With Equinix, customers can directly connect into our analytics engine. That means all their security incidents can flow directly into it without crossing the public Internet. That’s important to many of them.