blog


Cloud Control: Setting and Enforcing Policies to Better Manage Risk

Policy
Westcon-Comstor's Joe Tieu

Joe Tieu

By Joe Tieu, Senior Director of Platform and Cloud Vendor Management, Westcon-Comstor

Security is a paramount concern for customers, and rightly so. With data breaches and malicious hacks garnering headlines on a daily basis, there’s seemingly no end to the lengths the bad guys will go to steal information — even through an IP-enabled aquarium in a casino. Of course, most companies don’t have smart fish tanks to worry about, but there’s a good chance that a back door is open somewhere. And as more workloads move to the cloud, it’s getting harder to spot those weak spots.

While most customers realize that cloud can solve business problems more quickly, inexpensively and effectively, many fail to have the proper security policies to safeguard their data in multi-cloud environments. And therein lies the opportunity for the channel.

Management Over Mitigation

Solution providers and MSPs should proactively help customers build and implement security policies in concert with the cloud technologies they implement. Designing an appropriate policy can be a smart— and profitable — way to get close to clients and prospects. It’s simple: Customers that have more control over their technology are better able to manage, not mitigate, security risks. But that message isn’t getting through. By 2018, only 60 percent of enterprises will implement appropriate cloud visibility and control tools. The 40 percent that do, however, will experience one-third fewer security failures, according to Gartner.

Components of the cloud stack under customer control are particularly vulnerable because inexperienced users tend to adopt poor cloud practices, usually unwittingly. That can lead to serious security or compliance failures that don’t reflect well on you as a trusted business and IT adviser. No matter that the fault lies with the customer.

So how do you help customers build a strong cloud security policies? It’s really quite similar to many other IT policies. You need to consider how data is classified, how risk responsibilities are shared and how users use cloud services.

Here’s a brief summary on each:

  • Data Classification: Not all data is created equal, and it shouldn’t be treated as such. This is critically important for companies under strict compliance requirements where data can move between various cloud environments. Many security products can help jump start a classification effort.
  • Shared Responsibility: Different cloud providers have various models governing who is responsible for information as it travels and comes to rest within their infrastructures. Then there are rules about how to protect data on various mobile devices. Knowing who is responsible for data based on its location is important for customers using multiple third-party cloud services. Don’t assume the risk lies with those providers.
  • User Policies: Cloud services can do a lot, but they can’t predict human behavior. Employees need to be well trained on how to correctly use the cloud, not only to be more productive, but to protect company data.

There are plenty of cloud security and management applications in each of these areas, as well as …

Pages:  1 2 Next


Leave a comment

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Polls

We know the channel loves SD-WAN. What's the next big "software-defined" sales opportunity?

View Results

Loading ... Loading ...
The ID is: 63450