Cloud security: A quick guide

Security Key on Keyboard

What is cloud security?

Every IT provider whose customers’ businesses touch the cloud should know something about cloud security and be able to advise on it.

The good news is that generally it’s not about throwing the baby out with the bathwater but deploying familiar security solutions – such as antivirus, traffic monitoring and reporting, perimeter protection, spam filtering, real-time alerts, with analytics – in a cloud-based environment.

Security concerns remain the biggest barrier to further cloud adoption – even within organisations that have already been “in the cloud” for some time. So anything that can help protect customers’ data or information in the cloud must be included or at least considered under a “cloud security” umbrella.

Who is it aimed at?

We could make this section really short and just say “everyone”. Every organisation that is using cloud, that is – and if that's not quite every organisation, it is certainly most of them.

Verticals such as financial services, legal, and healthcare, as well as the public sector, may be particularly fruitful markets for the canny cloud security provider given the large volumes of data they hold and their special requirements around client confidentiality.

Highly mobile organisations may also benefit from additional attention. Their security environments may aim to protect the network without addressing holes potentially created by the many mobile devices now used.

Simply blocking access at more vulnerable organisations will no longer suffice, as users themselves are insisting on adopting this diversity of devices, despite the best efforts of company security policies.

How does it affect the market?

Resources may be exposed to risk that haven’t been in the past.

The approach taken to cloud security can also profoundly affect your customers’ ability to comply with legislative burdens, or combat the general worries that their customers might have about privacy, hacking, and general information and data security.

Risk management is critical; there is an increasing recognition that it isn’t possible to protect organisations completely, so deployments should incorporate an understanding that something could one day penetrate even the best defences.

The key is to have an adequate threat response in place that includes the ability for rapid identification and mitigation of any potential damage. This is a shift from the packaged approach to security – particularly internet security – taken by the channel generally just a few years ago.

Security has become a hot market again; Gartner expects global sales to rise 7.9 percent to $71.1bn in 2015, with an ever-larger slice of that being cloud-based.

Cloud security presents a huge opportunity for the channel and vendors should push forward to introduce programmes that address the demand for such solutions. A great example of one company snatching the opportunity is vArmour, which recently announced the launch of its distributed security system, offering extensible, scalable, independent and actionable controls for businesses.

Atos, Big Technology and EVT have all signed up the channel programme. Sean Catlin, chief technology officer at Atos explains: "The biggest barrier to cloud adoption is security. With vArmour, Atos offers a software based distributed security system that enables our customers/partners to secure private and public cloud consumption, delivering better security, trust and compliance than they have in their traditional data centers today. Within Atos, this is what we call a digital accelerator, enabling IT transformation."

Dean Hickman-Smith, SVP of Field Operations for vArmour adds: "We are at an intersection where enterprises must securely transform their data centers to stay competitive. The movement to distributed systems presents a unique opportunity for our strategic channel partners to transform and accelerate their businesses as well."

"With vArmour, partners can get customers up and running in minutes, instantly visualizing and controlling their most critical applications and data," he says.

Points of interest

Steve Zoberg, VP of operations at Citrix partner Synergy explained the at Citrix Synergy conference that cloud security should be addressed by all vendors including VMWare, Microsoft and Amazon. "It's not really a Citrix specific problem - I think it's an orchestration problem," he said. "The architecture is designed to give you agility and it does that, but it comes at a price."

The comments were made following the launch of Citrix Workspace Cloud, which allows IT managers to create their own cloud-based workspaces. With this control, it's hoped those working in the IT department will be able to ensure their own workspaces are secured sufficiently. However, Zoberg argues that this means partners should communicate the message around security at the very first opportunity.

"We're all over cloud platform, but we have to think about how we're going to architect this because I don't agree with the best practice. We need to be thinking about how we can silo certain segments so if and when [a breach] happens, businesses can still operate," Zoberg told Channelnomics.

However, other thought leaders on the subject believe that to guarantee access across all areas, a layered approach is necessary. Channel companies must look to head off potential cloud security issues from multiple angles.

Information and data must be segmented and prioritised much more comprehensively than in the past. Sensitive information must be treated differently to less-sensitive information, and cross-referenced against the need to retrieve or use the information.

Do many people need access? If so, who – and when? Authentication procedures must be tailored accordingly, and storage as well. Even physical security may need to be considered as part of an effective overall package; CCTV, physical entrances, and so on are increasingly being connected to the network or even the public internet.

All devices and platforms used by the customer organisation, as well as any potential shadow devices and applications, must be considered against the overall cloud security strategy.

An effective solution might encompass access management, data protection, visibility assurance, and operations optimisation. Each aspect can and should be tailored to specific customer requirements, with an eye to adaptability as circumstances and the overall threat environment continue to mutate.

All stakeholders and dispersed locations should be considered in relation to information and data security needs, and all external and internal parties that have access as well – however they achieve that access.

Some companies, such as Sophos, are acquiring specialists in certain areas to expand their product offerings to new areas, via the channel. The company announced the acquisition of Reflexion Networks to widen its reach to email security, building on its existing integrated cloud-based management console.

Reflexion's cloud based email security, archiving, email encryption and business continuity services will all be added to Sophos Cloud, making it a fully-integrated product for its partners to sell to customers.

Kendra Krause, vice president of Global Channels, Sales for Sophos comments: “The solutions developed by Reflexion Networks bring opportunity for Sophos partners to offer new services in the attractive growth market of cloud-based email security, and Reflexion partners have the opportunity to expand their security offerings with the broad Sophos security portfolio.”

David Hughes, CEO of Reflexion Networks adds: “At Reflexion Networks we’ve always been passionate about serving the vast global market of small and midsize businesses with easy to use services delivered through MSPs."

Channel Pro opinion

Security smarts may increasingly prove key to channel business growth, as mistrust in the market following the Snowden NSA leaks continues to fan flames of customer uncertainty when it comes to cloud computing.

Allaying these fears and presenting suitable solutions may seem like a particularly tricky juggling act, but breaking the bigger picture down into bite-size chunks and communicating how the pieces fit together will help reduce customer uncertainty and reluctance to act.

Customers will expect IT providers to be able to communicate what is needed and give pointers on where to find assistance if the latter cannot deliver it.

They’ll first need expert guidance in working out how and what they need to – or should – control in terms of information and data in the cloud. When these requirements have been nutted out, a solution can be developed with an eye to the SLAs.

The right products or services may therefore need to be cherry-picked for each customer from various vendors – and there are distribution partners geared up to assist with this. Vendors, however, will have to play well together and focus more on customer requirements than competing with each other.

It may be a good idea to consider an approach to provision in relation to the Government's recently-released Cloud Security Principles.

Long term revenue should be there, whether in cloud security sales or flowing through a deeper “trusted partner” relationship. This is still about playing a longer, recurring-revenue game in a brave new channel world and – as analysts never tire of reminding us – the channel must change or die.

Fleur Doidge is a journalist with more than twenty years of experience, mainly writing features and news for B2B technology or business magazines and websites. She writes on a shifting assortment of topics, including the IT reseller channel, manufacturing, datacentre, cloud computing and communications. You can follow Fleur on Twitter.

Latest in Cloud Security
AI chatbot text dialogue boxes in difference colours above a digital circuit board with lines of light emanating from it
Enterprise AI is surging, but is security keeping up?
Cloud storage concept image showing digitized cloud symbol with data flows.
AI is putting your cloud workloads at risk
Logo of Google Cloud, which recently announced the Wiz acquisition, pictured at Mobile World Congress 2025 in Barcelona, Spain.
The Wiz acquisition stakes Google's claim as the go-to hyperscaler for cloud security – now it’s up to AWS and industry vendors to react
Wiz logo pictured on a laptop screen.
Google confirms Wiz acquisition in record-breaking $32 billion deal
A multicolored, CGI padlock set against blue and yellow glowing slabs representing SWG and next-gen SWG in a cloud environment.
What is a secure web gateway (SWG) and next-gen SWG?
Cloud computing concept image showing a cloud symbol with electricity flowing to it, signifying cloud uptime capabilities.
Surging CNAPP investment is a big opportunity for the channel
Latest in Feature
A photo of UNSW's Sunswift 7 car pictured in front of Uluru in Australia's Northern Territory.
How UNSW’s Sunswift Racing and Ericsson achieved cross-country connectivity in Australia’s outback
Matt Clifford speaking at Treasury Connect conference in 2023
Who is Matt Clifford?
Open source vulnerabilities concept image showing HTML code on a computer screen.
Open source risks threaten all business users – it’s clear we must get a better understanding of open source software
An abstract CGI image of a large green cuboid being broken in half with yellow, orange, and red cubes to represent ransomware resilience and data encryption.
Building ransomware resilience to avoid paying out
The words "How effective are AI agents?" set against a dark blue background bearing the silhouettes of flowchart rectangles and diamonds to represent the computation and decisions made by AI agents. The words "AI agents" are yellow, while the others are white. The ITPro Podcast logo is in the bottom right-hand corner.
How effective are AI agents?
An illustration showing a mouth with speech bubbles and question marks and a stylized robot alien representing an AI assistant chirping away with symbols and ticks, to represent user annoyance with AI assistants.
On-device AI assistants are meant to be helpful – why do I find them so annoying?