By Chris Braden

Chris Braden

The amount of data (and the value of that data) being stored in the cloud is growing rapidly, and cybercriminals are quick to recognize the opportunity.

The cloud is inherently less secure than on-premises solutions and therefore requires a greater and more complex security strategy. The cost and complexity of designing, implementing and executing a security strategy across cloud, hybrid and physical network assets is growing, and as the cost and complexity increase, the challenge for companies to protect and secure their data becomes greater. This also means that the market opportunity today to provide cloud security solutions for MSPs is tremendous. It certainly comes with challenges, but there are fewer security solutions available today than there are for traditional network-based security requirements. This represents an opportunity for those companies with cloud-security capabilities to target a less competitive market, with predictably less commoditization and greater ability to differentiate.

Cyberthreats traditionally targeting on-premises resources, such as ransomware, identity theft, and data exfiltration, are a growing concern for cloud services as well. As organizations continue to adopt the cloud, effectively addressing these additional security challenges is a top concern. Midmarket companies are especially susceptible because cloud adoption is more prevalent among the midmarket range — enterprises with from 100 to 999 employees and earnings of $50 million to less than $1 billion in annual revenue, according to Gartner’s definition — due to its ease of deployment and low upfront costs. Midmarket firms typically lack the expertise and resources required to effectively secure their cloud deployments, which is where the MSP comes in.

Contrary to popular belief, the cloud customer is still responsible for ensuring that their workload is secure and protected against things like credential abuse or data exfiltration, both of which are leading cloud security concerns.

Some of the largest cloud breaches over the last two years could have been prevented with proper security due diligence.

Additionally, there are various cloud security checklists, including this one from eSentire, available to help your team …

… navigate priority security concerns and contractual considerations for all cloud service providers.

MSSP Differentiation Equals Opportunities

No solution can make an MSSP rise to the top by itself. However, the ability to address the growing opportunity to secure assets and data in the hybrid space is one that few MSSPs address effectively. An effective and differentiated solution that is well-executed and supported with strong customer service can reap tremendous benefits for an MSSP. For most MSSPs, the security solutions and their ability to implement, operate and manage said solutions is what differentiates them from other MSSPs, MSPs or competitors. Much of the cloud and IT stack is either already commoditized or is rapidly on its way, and as with any industry, differentiation and product or service evolution is critical to gaining and keeping market share. Having a hybrid cloud security solution can certainly be a game-changer for any MSSP as it would represent the ability to gain new customers while reducing churn in their installed base.

The opportunities for MSPs to partner with a cloud security vendor represent a choice (one of many) between building and running their own security operations center (and effectively becoming an MSSP) or partnering with companies who can add full or partial SOC service offerings to their portfolio. This gives an MSP a chance to reap some of the benefits of having a SOC (e.g., customer acquisition and retention), while avoiding the challenges that come with the investment in budget and personnel to build and develop their own SOC. Of course, there are trade-offs associated with risk/reward/return, but for many MSPs this is a highly viable and appealing option.

Mitigating Cloud Security Mistakes

Cloud security mistakes have become all too common in recent years, causing both reputational and financial damage for companies – for example, when marketing firm Octoly discovered that, due to a misconfiguration in its Amazon Web Services (AWS) cloud storage, the private information of 12,000 clients was publicly available for anyone to view. Or the infamous Uber breach, when two hackers gained entry to a third-party cloud-based service provider where sensitive driver and customer data was stored. And don’t forget about the when the Pentagon left 100 GB of classified data from a failed joint intelligence-sharing program — run by the U.S. Army and National Security Agency — publicly accessible for years.

The explosive popularity of cloud computing has resulted in a new attack surface for cybercriminals, one that has troves of valuable, sensitive and often poorly secured data. It’s not a move to make without first asking, what risks exist for cloud data and how can they be mitigated?

Chris Braden is vice president of global channels and alliances at cybersecurity company eSentire. Follow Chris on LinkedIn or @eSentire.