Security, Multi-cloud, and SMBs
Zacky Vaz, Regional Channel Manager, Fortinet discusses the security concerns for SMBs when moving workloads to multi cloud environments
Small and midsize businesses are feeling the pressure to reduce costs, make workers more efficient and increase speed to market, among other 2018 top concerns revealed by SMB-focused analyst firm Techaisle.
With limited human resources available to accomplish all that, many of your small-business customers are looking to technology — specifically, the scalability, accessibility and cost efficiency cloud provides. With cloud services, SMBs can increase storage and computing capabilities during peak hours or seasons and scale back when not as much processing power is necessary. This allows them to serve their customers just as a larger organization would without overbuying internal resources. As we head into the fourth quarter, this is a major selling point for the retail and hospitality verticals.
The cloud also makes information more accessible, allowing employees and consumers to grab necessary data from any location with an internet connection. As a result, 74 percent of SMBs in a Techaisle study say the cloud enables more agility in business operations.
Because infrastructure and updates are maintained by the cloud service provider, smaller organizations see substantial savings upfront in storage and computing infrastructure. The subscription and consumption-based payment models ensure SMBs pay only for what they need, helping to address the No. 1 issue SMBs plan to address in the next year: reducing operational costs.
Still, though the cloud offers multiple benefits to your SMB customers, and plenty of lucrative services to partners, many small businesses have reservations from a security perspective. Integrating cloud or multi cloud environments and on-premises data centers expands the attack surface and increases complexity. This makes it harder for IT teams, which are already limited in resources, to maintain visibility and detect threatening behavior.
While the Techaisle data shows that security is a top priority for 74 percent of SMBs, many do not fully understand the policies, solutions, and IT team resources required to secure the cloud. Additionally, 42 percent of SMBs state that they are unsure which cloud-security measures are most effective. Among the top cloud security concerns are:
- Loss of data when transferring to or from the cloud.
- Insecure interfaces.
- Data breach.
- Malicious insiders.
- DDoS attacks.
As a result, SMBs have largely focused their cloud-security efforts on data and network encryption, and intrusion detection and prevention. These are important controls to have in place, but you must offer additional features that both simplify security regulation for IT teams while also making defenses more comprehensive. These features include the collection and distribution of advanced threat protection and analytics, single-pane-of-glass management and integration with wider security solutions.
Moreover, beyond features, SMBs need support to implement advanced security policies, create data boundaries and segment data — tasks that must be done by an experienced team that understands the policies and technical capabilities needed to secure the cloud. Especially as many cloud service providers rely on what’s known as a shared responsibility model.
Cloud service providers are constantly making updates and investments to ensure the security of cloud infrastructure and software, but they’re not on the hook for everything. Cloud providers take responsibility for ensuring the security of their SaaS, IaaS and PaaS offerings. This means keeping them free of vulnerabilities and ensuring the physical security of the hardware. Cloud service providers also provide encryption for data at rest and access-management capabilities. Individual organizations are responsible for securing what’s in the cloud. This is the shared responsibility model.
In an EC2 instance, for example, AWS takes responsibility for its hardware, connectivity and the software running its compute, storage, database and network operations. The customer generally must keep the guest operating system, as well as any application software or utilities, updated and patched, and properly configure the AWS-provided firewall. This means your customers must have policies and solutions in place to prevent data loss, unauthorized access via vulnerable applications and endpoints, and more.
This is why it’s necessary for your SMB customers to be aware of their level of responsibility and understand the most effective security policies and solutions when moving to the cloud. As informed consultants, you can provide information on the types of solutions they will need to secure the cloud, as well as the core capabilities of these solutions, such as integration with on-premises security controls. When advising customers, look for simplified management and visibility combined with the ability to maintain comprehensive, integrated security capabilities. This is especially important as SMB teams generally have fewer resources to devote to security.
Of course, it’s also a digital services opportunity. The key is to make sure customers understand that while the cloud is not inherently unsafe, moving data into Azure or AWS doesn’t mean they can then ignore security.