By Derek Handova

As cloud computing enters its second decade, it’s no longer just a place to experiment. It’s now ready for wider scale investment, says Gartner. However, experts believe that effective cloud security needs to be a part of an overall managed-service-provider (MSP) strategy and not something that can be treated as a separate practice.

“As an IT service provider managing performance and availability for our customers who work in the world of nonstop business – including SaaS providers, operators of ATM networks, midsize global companies and North American companies running multiple shifts – we have been pulled into the security market,” says Oli Thordarson, founder and CEO of Alvaka Networks, an MSP of cloud and on-premises IT and network solutions. “A good IT service provider can’t help but build a security practice to address all the threats facing customers daily. Everything security needs to be addressed from the time we start system design, as we manage the system day to day as well as when we address a security incident.”

By pursuing an integrated approach to cloud security, MSPs can keep the big picture in mind and get a leg up on the competition. In that vein, let’s explore some industry best practices for MSPs interested in growing their presence in the cloud-security market.

Why MSPs Should Offer Cloud Security

With all the services already offered by MSPs in the cloud computing space, some may ask how much sense it makes to layer a complex solution like security on top. And while platform providers like AWS offer customer cloud security on the outside of the cloud, security between instances is the responsibility of the customer or the MSP on behalf of the customer. And when the MSP provides cloud security on behalf of its customers, the per “unit” cost can be significantly lower.

Bitdefender’s Liviu Arsene

“Organizations of all sizes are seeing the benefits of cost savings, agility and simplified operations by turning to cloud providers to host their desktops, servers, or applications, with 94 percent of all workloads estimated to be processed by cloud data centers in 2021,” says Liviu Arsene, Bitdefender global cybersecurity analyst. “Service providers have a significant opportunity in helping their customers transition and adopt cloud services, realizing the business benefits associated with this cloud paradigm.”

The fact of the matter is that cloud security is badly needed as evidenced by data breaches at Yahoo, Dropbox, Equifax, Facebook, LinkedIn, and more.

“Cloud security has become a necessity, due to HIPAA, GDPR and other regulatory and compliance reasons,” says Sharad Suthar, CEO and founder, Strategic Response Systems, provider of IT services to midsize businesses, professional services firms and entrepreneurial ventures. “By not having adequate security, companies can be subject to huge fines and damage to their reputation.”

The Cloud Security Market Opportunity for MSPs

According to a recent Gartner report, the managed security services market is growing at a healthy rate — in 2016, the market grew 10 percent, to reach $9.4 billion in revenue. Gartner found similar results for 2017. The lack of IT expertise to secure cloud applications and other business innovations involving the internet of things (IoT) is helping to fuel this growth in managed security services, experts say.

“To succeed in this growing market, MSPs must provide a one-stop shop for their customers helping them scale and rapidly ramp up cloud security, network access control, mobility management and visibility capabilities,” says Dan Dearing, senior director of product marketing at Pulse Secure, a provider of integrated and flexible hybrid IT secure access solutions. “Such a security platform helps MSPs differentiate their security offerings for enterprises of all sizes by helping defeat the latest cyberthreats and providing a single security standard that tackles the security roadblocks that hinder business use of the cloud, mobile devices and IoT.”

And for use cases like micro segmentation and real-time threat detection and response, expectations are also that demand for managed security services will continue to rise and adoption will be driven by …

… the growing complexity of enterprise IT infrastructure.

“Including IoT and multicloud challenges, the ongoing shortage of security professionals, and as cyberthreats continue to evolve, represents an incredible opportunity for those MSPs who can adapt to the new dynamics and deliver the greatest value,” says Todd Bice, senior director of channels for GuardiCore, an innovator in data center and cloud security. “To succeed, MSPs must first recognize how the market’s needs are changing and then identify what new capabilities they will need to address changing demands.”

Key Requirements for MSP Cloud Security

Easily, the most challenging transition for MSPs and cloud security will be shifting their focus to securing dynamic applications, experts say. That’s because most strategies for security were built around securing legacy applications, which are largely static.

Array Networks’ Vinod Pisharody

“However, today’s applications are highly dynamic,” says Vinod Pisharody, CTO for Array Networks, provider of performance and complexity solutions for virtualized networking, security and application delivery. “By this, I mean they can exist as an instance in the public cloud, as an instance in a private cloud, or sit as a virtual-physical instance in a data center. What’s more, modern applications are much more decentralized; hence, securing these applications requires a flexible, modular and layered approach.”

As a result, a comprehensive security solution must provide a framework where policies can be applied at multiple layers such as the IP and application layers, and the solution must also have an efficient way to get to clear-text application payload to apply any policies, according to Pisharody.

“Having a cloud-native, distributed and scalable network stack that allows security functions to tap into multiple network layers in addition to application payloads will help secure modern applications in the most granular manner,” Pisharody says. “Every component of such a solution can be scaled independently to provide a highly efficient security solution.”

For example, when it comes to email security and data protection, some of the things MSPs need to take into account when selecting solutions for their customers include the ability to provide advanced threat protection.

“That stops email threats before they reach the end-user’s inbox and provides business continuity, archiving and backup for compliance,” says Neal Bradbury, senior director of business development for Barracuda MSP, the MSP-dedicated business unit of Barracuda Networks. “And a fraud protection layer will stop spear-phishing attacks. Furthermore, MSPs should not overlook the value of training and security awareness for end users.”