By Dan Mannion, VP, partners & alliances, Armor
I recently had the pleasure of attending my 12th Microsoft Inspire conference, mingling with more than 17,000 partners from around the world and several thousand Microsoft leaders. Notably, Microsoft CEO Satya Nadella outlined a $4.5+ trillion-dollar opportunity for Microsoft partners to take advantage of its innovations in cloud computing, natural UIs and IoT, which are key components of the digital transformation underway for the vast majority of organizations.
For security-minded folks like me, the true highlight, however, was Brad Smith’s keynote. For the first time ever, one of Microsoft’s most senior execs dedicated 20-minutes of prime stage time to emphasizing cybersecurity and the growing threat to organizations and individuals alike. Smith also focused on the responsibility we have to secure customer data in the cloud.
I’d argue that Microsoft, more than any company, has a unique view of the increasing challenges we face from ransomware like WannaCry, Petya, NotPetya; new regulations such as the EU’s GDPR and South Africa’s POPI; and a severe cybersecurity talent shortage. He called on the industry to share the responsibility to keep customer data safe, so I thought I’d take a moment and highlight what that means for partners helping customers moving to Azure.
The Azure Shared Responsibility Model states very simply that Microsoft will secure the cloud – physical data centers, networks – and control access by Microsoft employees to ensure customers their data will not be compromised from those vectors. However, once a customer puts their application(s) in the cloud, the customer is responsible for securing the virtual machines, application servers, database servers and all the network ports used to access cloud applications.
|Shadow Influencers: Do You See Them Now? Jay McBain, channel influencer and principle Forrester analyst, says we may be seeing the most disruptive market yet. Why? Line-of-business executives leading technology decisions — and looking to a new set of hyperspecialized partners. Are you positioned to thrive? Find out!|
Unfortunately, this concept is misunderstood by most customers. In fact, in one IDC study surveying IT leaders about who’s responsible for the security of their applications in the cloud, 85 percent said the cloud provider.
Wrong. The correct answer is the person in the mirror. When we help customers understand this responsibility, it typically raises questions in three key areas:
As CIO, do you make it one person’s full-time job to secure applications in Azure? Do you cross-train your entire team? Can you re-use your response and remediation plan for Azure, or do you need to design a new one? If your credentials in the cloud get compromised, does that raise your risk of compromise in your own data center? What new approaches will be needed for compliance audits, and have any audit risks been introduced?
We’ve heard from top Microsoft executives loud and clear that the threat landscape and compliance regulations are getting more difficult to keep up with. Partners have a shared responsibility to help customers be secure. While the challenge is real, being prepared starts by doing your homework to understand exactly what your role in security is and applying resources accordingly. With appropriate planning and an organizational commitment to make security a priority, CIOs can realize the full benefits of the cloud so they can focus on productivity and performance.
Dan Mannion is vice president, partners & alliances at Armor, the First Totally Secure Cloud Company that keeps sensitive, regulated data safe and compliant in the cloud. For more information, visit www.armor.com.