How Can Partners Make Cloud Security More Secure?
Submitted by Ed Morales, Global Vice President of Security and Next-Gen Business Development TD SYNNEX
In today’s increasingly digital and fast-paced business environment, almost every organization you can think of is using at least one cloud solution. As the great migration to cloud continues to take off, issues such as overly-permissive cloud identities and misconfigured architecture can leave organizations susceptible to attacks, making cloud vulnerabilities a huge threat to data security.
Overall, cybersecurity technology is effective at reducing threats and risks to an organization. This is subject to choosing the right tools and platforms and configuring them correctly. Selecting the best technology vendor to use is daunting, due to the number of solutions available on the market. When choosing, there are a number of factors to consider: what is the scope of your client’s needs, what controls are needed, what local regulations do you need to comply with, etc.
Understanding cloud security requirements
The shift to the cloud, especially a multi-cloud environment, complicates the cybersecurity arena further. Businesses now need to consider external and internal threats and secure the connectivity between their on-premise and cloud infrastructure.
Understandably, many businesses believe that their cloud provider will take care of the security for them, but this is not the case. Cloud providers secure their own infrastructure very well. Some may even offer additional security tools to help you secure operating systems, applications and workloads. But, even if they provide additional security tools, the onus is down to those who are using or managing the cloud service to set-up the cloud environment so that it provides the organization with the required levels of security.
Different cloud providers have varying levels of responsibility and expectations for end users. Becoming familiar with these is an essential part of understanding the vendor’s cloud offering. In multi-cloud environments, it is especially critical that partners understand the level of security delivered by the cloud providers and the level of responsibility placed on the operator to properly configure the environment and security controls.
Where to start?
Auditing the security of your cloud environment should be the starting point. Understanding the different cloud environments an organization has, the systems that are running on them, and what data is stored in each is critical when assessing any potential risks.
You need to identify any shadow IT, something that can be done by analyzing the records of your secure web gateway or Secure Access Service Edge (SASE) solution. Once you have a clear picture of all of the environments and systems in an organization, a risk assessment can be conducted. This sets out those systems that are the most critical to business operations and the impact for that business if it were hacked. From here, a security environment can be designed and implemented, with penetration testers brought in a few times per year to weed out issues and ensure that they are being resolved. As data passes from one cloud provider to another, you’re also looking for new or emerging gaps in an organization’s security posture.
Growing a cybersecurity practice
We often see resellers and Managed Service Providers (MSPs) hire a cybersecurity leader as the first stage in them building their cybersecurity business. This then leads to that partner approaching their customers with high value but complex security solutions. This is not the best route to market. Instead, partners should look at what they sell to their customers and align their security offering. This means that, while their team may not be fully trained on the cybersecurity side, they will understand cloud technology, or networks, and so understand the driving forces behind wanting to adopt a complimentary cybersecurity solution. This approach makes it infinitely easier for sales teams or customer support staff to have conversations with customers, which in turn makes it easier to get a cloud security offering off the ground.
It is clearly also important to consider what training and enablement and other support may be needed. Vendors and solutions aggregators have highly developed training offerings that partners can access for their teams, as well as financing and business strategy support to help them identify and act upon sound market opportunities. Where customers have requirements that go beyond the partners skillset, there are also customisable cloud security solutions available on the market or even dedicated teams within solution aggregators that provide technical support. In leveraging these, partners don’t have to miss out on business while they build up their in-house capability.
SMBs should invest in cybersecurity
Small and medium sized businesses often make the mistake of thinking that they are too insignificant for a hacker to target. They are not. While some might assume hackers spend hours personally selecting their targets, the truth is that they typically use automated programs to scan the web looking for weaknesses. Considering that a cyberattack is more likely to be catastrophic for an SMB, they would do well to ensure they have constructed a secure cloud environment to protect their most critical systems and data.
The process of securing a cloud security environment may look daunting to SMBs, but it is absolutely necessary. Typically, the IT team is given the responsibility for security, but this does not necessarily fit with their skillset. The implementers of the technology need to follow the rules to make sure that the technology operates properly. However, those responsible for security need to think about the opposite — how those rules can be broken and how to protect against those breaches. No matter if SMBs use a managed service provider or create their security team in-house, it is critical they have someone with a security mindset analyzing their company’s infrastructure.
Cybersecurity and technology continues to become more complex. It is important that partners work to make things simple for themselves and their customers. Cloud environments bring unexpected challenges, such as issues around skills and compliance. However, resellers and MSPs should not be put off by this. If partners work out what their strengths are and build their cybersecurity specialism on that foundation, it leads to successes for themselves and their customers. Equally, we’re seeing distributors like TD SYNNEX seriously ramp up the amount of support and enablement they’re able to offer. They are redefining the role of distribution, becoming more akin to what might be called a solutions aggregator or solutions orchestrator.
When it comes to cybersecurity, we’ve helped thousands of partners take off into the clouds. If your business could benefit from a bit of extra thrust, all you need to do is check out our Solutions Factory offerings with trademarked Click-to-Run™ capabilities.