IT Facing Major Security Issues, But Cloud Security May Be Most Immense

Written by Kelly Teal
February 12, 2021

A number of reports point to security problems within client environments, but cloud could be the biggest.

No surprise: IT leaders continue to cite environment-wide security as one of their biggest challenges. Cloud security ranks among the most pressing of those issues. But of course, it’s not the only one.

For 72% of people responding to Snow Software for its 2021 IT Priorities Report, ensuring overall security presents significant obstacles. And they said fears around security grew when considering technology that IT either doesn’t know about or doesn’t manage.

That’s not a shock. Ever since COVID-19 struck last year, organizations have faced more IT and cloud security problems. The pandemic spurred a sudden, global shift to remote work and simultaneous, unplanned cloud adoption. In fact, by last September, total cloud spending among many organizations had risen 19.3% over April, the first full month of pandemic-related restrictions. That’s according to VMware and its report, How 2020 Changed the Way We Use the Cloud.

Meantime, employees newly working from home often realized they did not have the tools they needed to do their jobs well. So, they downloaded, sometimes on the sly, cloud resources for collaboration that might not have been IT-approved.

All this has led to a security crisis within IT. COVID-19 opened the door for hackers worldwide to exploit new security gaps. And they continue to take advantage of those holes.

The Human Factor

Yet managed security service providers know external threats aren’t the only ones they have to worry about on customers’ behalf. Clients’ employees threaten the integrity of the work environment, too, even if they don’t mean to do so. Insider breaches remain a big problem for IT. This year alone, enterprises and SMBs can expect insider incidents to reach 33%, up from 25%, per Forrester Research.

“The overall number of insider threats will also be pushed higher as firms get better at identifying and attributing incidents to insider activity,” analysts wrote in the company’s Predictions 2021 report.

Of course, while insider threats may not necessarily be intentional, that does not reduce their impact. As Guru Pai, CEO of Privafy, said last year, “the human being will continue to be the most vulnerable part of cybersecurity. Either consciously or unconsciously, that’s going to be the place where compromise happens.”

Combined – and even separately – internal and external threats qualify as giant security problems. But if new findings from Infrascale offer any indication, MSPs and MSSPs benefit. Three in four (74%) respondents told the data protection vendor they turn to MSPs for help with their security needs.

Meantime, and at the risk of sounding repetitive, most of these organizations are moving workloads into the cloud. Or they have already moved them. They are doing so for better efficiency and, often, improved security. The question is whether partners are ready to handle the specific security challenges that accompany cloud.

Cloud Security Strategies for MSPs/MSSPs to Embrace

Infrascale’s Russell Reeder

“MSPs need to bolster their cloud migration and cloud security capabilities – especially for finance, education, health care, and manufacturing – so as to be prepared for the ultimate need of digital transformation and successful cutovers to the cloud,” said Russell Reeder, Infrascale CEO.

Brian Allison, vice president of global channels and alliances at Snow, agreed.

Snow Software’s Brian Allison

“Those MSPs that already specialize in providing cloud services and support may be seeing exponential gains compared to those who may be early in their journey to add cloud into their offerings,” he told Channel Futures. “For ‘born in the cloud’ MSPs, there seems to be a real opportunity to increase the potential for growth by adding support for more than one public cloud provider and embracing multicloud services. For those MSPs who primarily still focus on legacy enterprise technologies, now is the time to accelerate your organization’s own transformation.”

A key way to do this, Allison added, is to hire people who know cloud and security in depth.

“The opportunity provided by the cloud has created a double-edged sword for MSPs,” Allison said. “While there are huge growth opportunities, the market value of cloud talent has also gone up. The talent that MSPs may have in their organization is also being sought after by the public cloud providers like AWS, Microsoft and Google. And to develop a cloud expert, certain corners cannot be cut.”

Partnering with Other Partners

Another recommendation? Consolidate or partner with other MSPs and/or MSSPs.

“Bringing together a shop with AWS experience and another with Azure, for example, would certainly help diversify offerings and provide additional opportunities for growth,” Allison said. “Or acquisitions of boutique MSPs known for their unique skills by larger MSPs may be in order.”

Aptum’s Craig Tavares

Along the way, MSPs/MSSPs must keep in mind that a cloud environment is only as secure as the polices and controls that oversee it. Managed hosting provider Aptum discovered in a recent survey that 82% of IT professionals face this dilemma as they expand and diversify their cloud infrastructure.

“Although no single solution on its own can guarantee 100% security, especially in a multi/hybrid cloud approach, experienced partners can assist organizations in choosing the right combination of security technologies that complements their workloads no matter where they are hosted and ensure visibility across disparate environments,” said Craig Tavares, global head of cloud at Aptum.