Struggling With Cloud Security? 4 Vendors Offer Some Advice
We have insight from Accurics, Pax8, CloudBolt and Ingram Micro Cloud, plus recent CSA findings.
![Support, advice assistance Support, advice assistance](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt30bad35c3b70d020/65245330f66dd94795a7c890/Support_advice_assistance_guidance-1.jpg?width=700&auto=webp&quality=80&disable=upscale)
Shutterstock
“Cloud deployments are at risk for exposure and misconfiguration due to the velocity at which cloud technologies are being adopted and most security tools don’t address the heart of the issue.”
That’s from Alex Ausmanas, vice president of sales and partnerships at Accurics. Accurics detects risks in code before cloud infrastructure goes live.
How, then, should channel partners address the problem? Ausmanas’ thoughts are on the next slide.
Accurics’ Alex Ausmanas suggests partners start with “runtime-focused Cloud Security Posture Management,” or CPSM, tools.
These, he says, “introduce a requirement to verify that deployments will not overwrite fixes implemented in runtime. But newer developer-first CSPM tools implement fixes in the Infrastructure as Code, ensuring that deployments are always ready to go with the best configuration. This is part of what it means to be a “developer-first” security solution: ensuring that the solution not only addresses the security needs of the business but does so in a way that doesn’t create unnecessary friction in development workflows. It’s critical to help organizations reduce cloud security complexity by delivering security solutions that support both developer and security workflows, in development and in runtime.”
But there’s more partners can do, as well. Go to the next slide to see what Ryan Walsh, chief product officer and channel chief, Pax8, a cloud applications distributor, has to say.
“If 2020 taught us anything, it is the importance of advanced security measures,” Pax8’s Ryan Walsh says. “An effective and efficient way to strengthen security is by implementing automation that streamlines processes, which reduces manual touchpoints and decreases human error. By utilizing innovative solutions that provide automation, MSPs will greatly improve their clients ’ security posture, as well as their own.
There’s another important aspect to consider, too. Larry Kraft, senior vice president, global channels and alliances at CloudBolt, a cloud management platform provider, gives his take on the next slide.
“More platforms, more complexity and more systems all make cyberattacks more difficult to detect,” CloudBolt’s Larry Kraft says. “I’m not just talking about MFA or least-privilege access rights – although these things are important. I’m also talking about policy to govern how cloud resources are used, Role-Based Access Control to ensure only authorized admins can access or alter systems, and configuration management that ensures standards are met.”
Kraft’s advice for channel partners? Find out next.
In the never-ending search for cloud security, channel partners must ask some “crucial questions” on behalf of their clients, CloudBolt’s Kraft says.
Here they are:
“Have our clients adopted the most rigorous and up-to-date security policies and protocols? Do they have a 360-degree view of their infrastructure? Can they ensure their attack surface doesn’t increase as their hybrid cloud infrastructure evolves? Are the methodologies they are leveraging to deliver code and applications faster, such as CI/CD, not forgotten when security is being discussed?”
“Security has become ubiquitous and table stakes at any customer conversation.”
That’s the takeaway from Victor Baez, vice president of global cloud channel sales at distributor Ingram Micro Cloud.
Historically, he adds, “MSPs and resellers layered in security solutions and conversations after an initial service was provided. The demand from customers now is that it becomes incorporated or built-in to any value proposition being presented. Managed detection and response solutions or partnerships are key to MSP success.”
But there’s something else important partners can’t let their customers ignore.
Without financial backing, cloud security efforts won’t go far. And if (or when) a breach happens, organizations must be prepared. Here’s some advice from CloudBolt’s Larry Kraft for approaching the situation:
“CISOs need to … ensure that budgets are being allocated to enact a proper triage and remediation plan across any aspect of their infrastructure whenever a bad actor attempts to compromise them.”
Partners can help the CISO by rolling out a cloud management platform with complete visibility into cloud. Such software “should play a pivotal role in securing … hybrid, multitool environments by delivering policy-driven integrations and establishing guardrails for all cloud workloads,” Kraft says.
Further, to the point about the almighty dollar, a management platform will help clients assign the right resources to cloud workloads. That inherently saves money, or at least ensures spending is governed. On top of that, a cloud management platform will “establish methods for charge-back that optimize budget allocation and significantly reduce overspending,” Kraft says.
Without financial backing, cloud security efforts won’t go far. And if (or when) a breach happens, organizations must be prepared. Here’s some advice from CloudBolt’s Larry Kraft for approaching the situation:
“CISOs need to … ensure that budgets are being allocated to enact a proper triage and remediation plan across any aspect of their infrastructure whenever a bad actor attempts to compromise them.”
Partners can help the CISO by rolling out a cloud management platform with complete visibility into cloud. Such software “should play a pivotal role in securing … hybrid, multitool environments by delivering policy-driven integrations and establishing guardrails for all cloud workloads,” Kraft says.
Further, to the point about the almighty dollar, a management platform will help clients assign the right resources to cloud workloads. That inherently saves money, or at least ensures spending is governed. On top of that, a cloud management platform will “establish methods for charge-back that optimize budget allocation and significantly reduce overspending,” Kraft says.
Cloud security – or the lack thereof – is causing some significant headaches.
According to the Cloud Security Alliance, 11% of organizations responding to a survey said they experienced a security incident last year. In fact, the average number totaled five. Almost a third (27%) of respondents didn’t want to answer the question. Along those lines, 41% said they didn’t know whether a security incident had occurred.
Meanwhile, more than half of organizations now run at least 41% of their workloads in a public cloud. That’s double the number of organizations from 2019.
“[T]his trend toward public cloud will only continue,” the CSA says, noting the increase likely comes from the rise in remote work due to COVID-19.
Those findings all align with wider industry observations. And they underscore the reality that cloud environments continue to grow in complexity. Security no longer is a nice-to-have; it’s a must. And yet, one vendor told Channel Futures: “Quite possibly the most overlooked aspect of cloud and digital transformation is security.” (That struck us as a bold statement — feel free to weigh in on the comments.)
Missing the Mark?
Organizations that don’t rely on channel partner expertise seem more likely to miss the mark on cloud security. Yet even channel partners themselves – from managed service providers to agents – should keep examining their practices to make sure they’re not missing any gaps.
Of course, the degree to which they would do so depends on how deeply involved they are with cloud infrastructure and applications overall — from product selection and design to deployment and ongoing management. (Traditional agents, take note: The CSA reports that 58% of organizations are concerned about network security in their cloud setups.) The slideshow above explores suggestions and insight from several cloud vendors.
(In the meantime, If you’re looking for some peer-to-peer advice on under-the radar cloud opportunities, check out this slideshow. And if you’re exploring ways to make the most of cloud, go here.)
About the Author(s)
You May Also Like