IT and Business Insights for SMB Solution Providers

Secrets of Cloud Security

Channel pros can follow these tips and best practices to turn cloud security from headache to opportunity. By Colleen Frye
Reader ROI: 
PROTECTING CUSTOMERS’ WORKLOADS in the cloud is hard, but can be lucrative for MSPs that adopt best practices and new tools.
THESE INCLUDE getting buy-in from customers on a shared security model and requiring adherence to baseline security guidelines.
VET CLOUD PROVIDERS on their “matrix of responsibilities,” get up to speed on their tools, and establish clear expectations.

This article is based on a panel discussion at ChannelPro’s December 2020 Cloud and Managed Services Online Summit.

PROTECTING SOFTWARE-AS-A-SERVICE and infrastructure-as-a-service workloads in multiple clouds is more difficult and more in demand than on-premises security. That’s the bad news. The good news is it’s more lucrative too.

Channel pros who want to capitalize on this opportunity while protecting their customers’ businesses need to adopt best practices, recognize that new tools and techniques will be necessary, and choose their cloud service providers (CSPs) wisely.

Why Cloud Security Is Hard

Cloud computing has been on the rise, but the coronavirus pandemic and the need to spin up and support remote workforces has turbocharged adoption. IDC expects the global market for cloud services, software, and hardware to exceed $1 trillion annually by 2024, with a compound annual growth rate of 15.7%. Unless properly protected, all those cloud-based applications, servers, and storage repositories will continue to be a massive target for attackers.

It’s imperative, then, that managed service providers embrace and excel at cloud security. There are several challenges, however. For one, the potential threats MSPs face in a cloud environment aren't necessarily the ones that they’re used to dealing with in an on-premises environment, so different skills, techniques, and tools are required.

Michael Cocanower

The tools channel pros are accustomed to implementing “are designed to work in environments that we control,” says Michael Cocanower, CEO of itSynergy, a Phoenix-based MSP. The challenge now is securing customers’ in an environment the MSP doesn’t control, he explains.

MSPs need to adjust in two ways, Cocanower says. First is examining whether their current tools support integration with cloud platforms. “A lot of the tool vendors … have started to enable new functionality in their tools that allows you to hook into the cloud environments and plug those into your existing management infrastructure.”

Second, he says, MSPs need to get up to speed on the security tools that cloud providers like Amazon and Microsoft offer and learn how to “tweak those … so that they're optimally configured to secure our customers' environments.”

Another challenge is getting buy-in from customers on a shared security model. “A lot of folks believe that if they put their application, their work process, [their] data up in the almighty cloud, that someone else is going to take care of the security,” says Michael O’Hara, owner and principal consultant of Sparta, N.J.-based MEDSEC Privacy Consulting. He calls that belief “the threat of misunderstanding.”

In actuality, cloud security is a shared responsibility, stresses Angela Davis Dogan, founder and CEO of Davis Dogan Advisory Services, a risk management consultancy in the Greenville, S.C. area. “There's certain security measures that need to take place on the client side. There's certain security measures that the client needs to make sure are in place on the cloud side. And then the cloud side needs to execute and make sure that those security measures are in place and that they're proactively ensuring security exists in their environment.”

MSPs, therefore, must understand the cloud provider’s security model and what they may need to implement to protect their clients. O’Hara suggests asking cloud providers for their “matrix of responsibilities” document, which should outline what the CSP and the tenant client are responsible for.  

About the Author

Colleen Frye's picture

Colleen Frye is ChannelPro's managing editor.

ChannelPro SMB Magazine

Get an edge on the competition

With each issue packed full of powerful news, reviews, analysis, and advice targeting IT channel professionals, ChannelPro-SMB will help you cultivate your SMB customers and run your business more profitably.