Joe Tieu

By Joe Tieu, Senior Director of Platform and Cloud Vendor Management, Westcon-Comstor

Security is a paramount concern for customers, and rightly so. With data breaches and malicious hacks garnering headlines on a daily basis, there’s seemingly no end to the lengths the bad guys will go to steal information — even through an IP-enabled aquarium in a casino. Of course, most companies don’t have smart fish tanks to worry about, but there’s a good chance that a back door is open somewhere. And as more workloads move to the cloud, it’s getting harder to spot those weak spots.

While most customers realize that cloud can solve business problems more quickly, inexpensively and effectively, many fail to have the proper security policies to safeguard their data in multi-cloud environments. And therein lies the opportunity for the channel.

Management Over Mitigation

Solution providers and MSPs should proactively help customers build and implement security policies in concert with the cloud technologies they implement. Designing an appropriate policy can be a smart— and profitable — way to get close to clients and prospects. It’s simple: Customers that have more control over their technology are better able to manage, not mitigate, security risks. But that message isn’t getting through. By 2018, only 60 percent of enterprises will implement appropriate cloud visibility and control tools. The 40 percent that do, however, will experience one-third fewer security failures, according to Gartner.

Components of the cloud stack under customer control are particularly vulnerable because inexperienced users tend to adopt poor cloud practices, usually unwittingly. That can lead to serious security or compliance failures that don’t reflect well on you as a trusted business and IT adviser. No matter that the fault lies with the customer.

So how do you help customers build a strong cloud security policies? It’s really quite similar to many other IT policies. You need to consider how data is classified, how risk responsibilities are shared and how users use cloud services.

Here’s a brief summary on each:

There are plenty of cloud security and management applications in each of these areas, as well as …

… examples of user policies to follow. If you’re not sure where to start, talk to your favorite security vendor, distributor or solution provider peer for help. However you look at it, managed security services, including policy development, are a profitable business.

Yes, ultimately, the responsibility lies with the end-user organization to exert control over cloud. But most companies will gladly accept help from experienced, knowledgeable partners to minimize that risk. Those that don’t take a strategic approach to cloud control could find themselves in an insecure, inflexible or noncompetitive situation.

Cloud security is much different than traditional security. It’s not just protecting the compute side, but also the whole corporate environment itself. Channel partners can add tremendous value to their existing cloud and security solutions by helping customers set policies that better safeguard data and meet compliance standards. Vendors from Microsoft to Sophos want to help. Now’s the time to get more involved, keep customers close — and lock down those aquariums.

Joe Tieu is senior director of platform and cloud vendor management at Westcon-Comstor.