Cloud Control: Setting and Enforcing Policies to Better Manage Risk

Cloud is a great tool for customers, but you need to help them use it effectively and safely.

October 23, 2017

3 Min Read


Joe Tieu

By Joe Tieu, Senior Director of Platform and Cloud Vendor Management, Westcon-Comstor

Security is a paramount concern for customers, and rightly so. With data breaches and malicious hacks garnering headlines on a daily basis, there’s seemingly no end to the lengths the bad guys will go to steal information — even through an IP-enabled aquarium in a casino. Of course, most companies don’t have smart fish tanks to worry about, but there’s a good chance that a back door is open somewhere. And as more workloads move to the cloud, it’s getting harder to spot those weak spots.

While most customers realize that cloud can solve business problems more quickly, inexpensively and effectively, many fail to have the proper security policies to safeguard their data in multi-cloud environments. And therein lies the opportunity for the channel.

Management Over Mitigation

Solution providers and MSPs should proactively help customers build and implement security policies in concert with the cloud technologies they implement. Designing an appropriate policy can be a smart— and profitable — way to get close to clients and prospects. It’s simple: Customers that have more control over their technology are better able to manage, not mitigate, security risks. But that message isn’t getting through. By 2018, only 60 percent of enterprises will implement appropriate cloud visibility and control tools. The 40 percent that do, however, will experience one-third fewer security failures, according to Gartner.

Components of the cloud stack under customer control are particularly vulnerable because inexperienced users tend to adopt poor cloud practices, usually unwittingly. That can lead to serious security or compliance failures that don’t reflect well on you as a trusted business and IT adviser. No matter that the fault lies with the customer.

So how do you help customers build a strong cloud security policies? It’s really quite similar to many other IT policies. You need to consider how data is classified, how risk responsibilities are shared and how users use cloud services.

Here’s a brief summary on each:

  • Data Classification: Not all data is created equal, and it shouldn’t be treated as such. This is critically important for companies under strict compliance requirements where data can move between various cloud environments. Many security products can help jump start a classification effort.

  • Shared Responsibility: Different cloud providers have various models governing who is responsible for information as it travels and comes to rest within their infrastructures. Then there are rules about how to protect data on various mobile devices. Knowing who is responsible for data based on its location is important for customers using multiple third-party cloud services. Don’t assume the risk lies with those providers.

  • User Policies: Cloud services can do a lot, but they can’t predict human behavior. Employees need to be well trained on how to correctly use the cloud, not only to be more productive, but to protect company data.

There are plenty of cloud security and management applications in each of these areas, as well as …

… examples of user policies to follow. If you’re not sure where to start, talk to your favorite security vendor, distributor or solution provider peer for help. However you look at it, managed security services, including policy development, are a profitable business.

Yes, ultimately, the responsibility lies with the end-user organization to exert control over cloud. But most companies will gladly accept help from experienced, knowledgeable partners to minimize that risk. Those that don’t take a strategic approach to cloud control could find themselves in an insecure, inflexible or noncompetitive situation.

Cloud security is much different than traditional security. It’s not just protecting the compute side, but also the whole corporate environment itself. Channel partners can add tremendous value to their existing cloud and security solutions by helping customers set policies that better safeguard data and meet compliance standards. Vendors from Microsoft to Sophos want to help. Now’s the time to get more involved, keep customers close — and lock down those aquariums.

Joe Tieu is senior director of platform and cloud vendor management at Westcon-Comstor.

Read more about:

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like