Cloud Security 101: A Partner's Perspective
By Arthur Rutherford
When I went to work for IBM in the early 2000s, one of the first things I learned was how to work with business partners to create hardware and software solutions for the SMB space. At that time, the business model for partners was unambiguous: Hardware in all its forms, and the corresponding software it supported, were sold in a tangible transaction. The idea of “no physical transfer of goods and services," as the world is trending with the cloud and virtualization, seemed impossible to grasp.
Now, the face of the modern data center has changed forever. More and more applications are moving to the cloud, virtualization density is at an all-time high, and the hybrid cloud is now a reality. Still, it’s natural for customers to have concerns when their data doesn’t reside in their own server room or closet.
As a result, security is now top of mind. Unfortunately, however, there are not enough skilled professionals to keep pace with fast-moving threats. The complexity of securing a hybrid cloud, in particular, requires well-trained experts at the helm. Recent industry estimates place the number of unfilled cybersecurity jobs each year in excess of 1 million. There simply isn’t enough talent to protect all the companies progressing through today’s digital transformation.
In my last five years at Microsoft, I was involved with its data-center business, which resulted in working with large-scale clients to move applications to Azure. It was eye-opening on many levels. Early on, I realized that Microsoft was very serious in trying to compete with AWS for public cloud market share and, without a doubt, the behemoth in Redmond had plenty of resources in place. In fact, the sheer size and scope of the Microsoft data center is worthy of a sightseeing tour should you ever have the opportunity.
Shared Security Responsibility
The cloud shared-security model articulates the responsibility of the vendor to secure the cloud (physical data centers, role-based and time-bound access to customer environments, etc.). On the flip side, the customer is responsible for the security of their applications residing in the cloud (in IaaS and PaaS environments). With both Microsoft and AWS talking very openly about the shared-responsibility model, partners have a decision to make both in terms of their businesses and how to support clients’ transformations to consume the public cloud.
In my experience, partners in both the AWS and Azure ecosystems are very used to leveraging the rich ISV (independent software vendor) ecosystem of tools and solutions that enhance both public cloud providers.
Managed Security Services: The Next Opportunity: Join Armor director of strategic alliances Bill Gauthier at the Channel Partners Conference & Expo to learn about top traits of the most successful reseller and MSP partners. Register now!
For most regional and national systems integrators, cloud security is new ground. It’s uncomfortable, unnatural and complex. They know they need an answer, but choosing the right solution, or multiple solutions, is overwhelming. In some cases, they’ve taken a tool, or a set of tools, to market and offered them as a solution. But, this approach doesn’t solve the talent shortage and does not create favorable security outcomes.
To adapt and thrive in this new era, consider the following when determining if a cloud security provider is a good fit for your business as well as your client base:
- Ensure that you understand what the outcome for the customer or solution will be. Just because you have a security system at your house doesn’t mean you won’t get robbed. The solution should have clear metrics of that indicate success, complete with compliance adherence.
- Is this solution proactive? Often, tools just create more clutter. For the CISOs and CIOs I’ve met with, this is the last result they want. It is essential to stay ahead of the threats and have a mix of protection and detection to filter out the noise.
- How does the supplier support your business? There is nothing worse than signing a new partnership agreement, with promises of great margin, if the solution is not a fit for your practice and the sales teams lack proper training. It is important to ensure partners have onboarding in place, and incentives to train a salesforce to start identifying initial leads and opportunities right out of the gate.
- Is the solution aligned with the cloud vendor(s) your company and customers work with? The race to innovation in the cloud is real, and there are more vendor options out there than ever. In a recent conversation with the AWS Security Marketplace security team, we asked: “What’s missing from their marketplace?" With more than 500 products available, they responded: “It’s not that anything is missing, it’s simply too difficult for a customer to understand what to purchase, integrate and manage in their AWS environment."
Maintaining security in the cloud means having expertise in both cloud and security. Select a partner who excels in both areas, ensuring that you are offering the very best-of-breed to your sales teams.
Arthur Rutherford IV, director of strategic partners & and alliances at Armor, the First Totally Secure Cloud Company™ that keeps sensitive, regulated data safe and compliant in the cloud.