In what could be considered an unusual move at a time when most companies choose to keep their cybersecurity tools on-premises, John Graham, CISO for Jabil Circuit, says the manufacturing services company is adopting more cloud security services.
Graham says that moving to the cloud lets the company focus on its core business of making high-precision molds, mechanical tools and medical devices. More specifically, it allows his tech staff to focus on threat analytics. Graham expects Jabil’s cloud migration strategy to become the rule rather than the exception.
John Graham, CISO for Jabil Circuit.
“The biggest thing that we get is speed to deployment and stability,” says Graham, who joined the $18 billion company in September 2013. “No longer do I have to have a team that has to worry about upgrading the hardware or the OS, or fooling with any of that."
Companies have been gradually moving many of their business applications and software infrastructure to the cloud. But they’ve been slow to entrust their security to someone else, preferring to manage their firewall appliances and other cyber-tools internally. Yet CIOs and CISOs struggling to keep pace with the rapidly shifting threat landscape -- which includes anything from random phishing to highly targeted attacks from hackers seeking corporate data -- see an advantage in relying on vendors for whom cybersecurity is their core competency.
David Burg, global cybersecurity practice leader for PwC, says that 69 percent of 10,000 CEOs, CFOs, CIOs and other executives surveyed this year said they using some form of cloud-based tool for data protection, privacy, network security, identity and access management, real-time monitoring and analytics, and advanced authentication “I think we’re at the beginning of a wave of an evolution from on-premises to off-premises” solutions, Burg says.
Jabil streamlines Web security in the cloud
When Graham became Jabil’s first CISO two years ago, he learned the company was running 75 distributed Web-filtering machines that were up for renewal in just four months. Rather than protecting the network, the machines were being used to block porn and other entertainment sites. That wouldn’t do for a company that stores digital copies of product schematics for large enterprises, making it an attractive target for attackers. After evaluating several solutions, Graham selected Zscaler, which provides hosted Web security, malware detection and other services. “This was the first step to put a blanket around the whole company,” Graham says.
Continuously scanning Jabil’s network, Zscaler works in conjunction with Splunk machine-learning software to hunt for and block potential security threats, as well as the OneLogin single sign-on authentication tool to see whether employees are bringing in malware as they sign in with their corporate credentials. He says the switch to Zscaler, completed in about six weeks, has enabled him to reassign low-level employees as “hunters” protecting analyzing threats, rather than just “watching screens,” waiting for something bad to happen.